A Pakistani hacker who made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc.
With a current market capitalization of over $5 billion, Zynga is one of the world’s most successful social game developers with a collection of hit online games, including FarmVille, Words With Friends, Zynga Poker, Mafia Wars, and Café World, with over a billion players worldwide.
Going by the online alias Gnosticplayers, the serial hacker told The Hacker News that this time he managed to breach “Words With Friends,” a popular Zynga-developed word puzzle game, and gain unauthorized access to a massive database of more than 218 million users.
According to the hacker, the data breach affected all Android and iOS game players who installed and signed up for the ‘Words With Friends’ game on or before 2nd September this year.
In a statement published over a week ago, Zynga admitted the data breach, revealing “account login information for certain players of Draw Something and Words With Friends that may have been accessed,” though the company did not reveal the number of affected users.
“We recently discovered that certain player account information may have been illegally accessed by outside hackers.”
Based on sample data Gnosticplayers shared with The Hacker News, the stolen users’ information includes their:
- Names
- Email addresses
- Login IDs
- Hashed passwords, SHA1 with salt
- Password reset token (if ever requested)
- Phone numbers (if provided)
- Facebook ID (if connected)
- Zynga account ID
Besides this, the hacker also claims to have hacked data belonging to some other Zynga-developed games, including Draw Something and the discontinued OMGPOP game, which allegedly exposed clear text passwords for more than 7 million users.
