A Pakistani hacker who previously made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc.
With a current market capitalization of over $5 billion, Zynga is one of the world’s most successful social game developers with a collection of hit online games—including FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World—with over a billion players worldwide.
Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time, he managed to breach “Words With Friends,” a popular Zynga-developed word puzzle game, and unauthorized access a massive database of more than 218 million users.
According to the hacker, the data breach affected all Android and iOS game players who installed and signed up for the ‘Words With Friends’ game on and before 2nd September this year.
In a statement published over a week ago, Zynga admitted the data breach, revealing that the “account login information for certain players of Draw Something and Words With Friends that may have been accessed,” though the company did not reveal the number of affected users.
“We recently discovered that certain player account information may have been illegally accessed by outside hackers.”
Based on a sample data Gnosticplayers shared with The Hacker News, the stolen users’ information includes their:
- Email addresses
- Login IDs
- Hashed passwords, SHA1 with salt
- Password reset token (if ever requested)
- Phone numbers (if provided)
- Facebook ID (if connected)
- Zynga account ID
Besides this, the hacker also claims to have hacked data belonging to some other Zynga-developed games, including Draw Something and the discontinued OMGPOP game, which allegedly exposed clear text passwords for more than 7 million users.