© Canary Trap 2024 All Rights Reserved
Share

173 Million Zynga Users Affected in ‘Words with Friends’ Hack

173 Million Zynga Users Affected in ‘Words with Friends’ Hack

Many gamers don’t understand that playing a mobile game can jeopardize the security of their other online accounts. In September 2019, a hacker with the handle “Gnosticplayers” gained access to a Zynga database that contained the user account data for people who installed Words with Friends, Draw Something, or OMGPOP.

Unfortunately for Zynga users, the hacker was not playing games. He was able to gain access to the data of over 170 million users, making this data breach one of the biggest of all time. But it goes further than that; it’s possible that by gaining access to this data, the hacker effectively compromised all user accounts dating back to the launch of each game.

Zynga performed its due diligence despite it all; it notified law enforcement and internally investigated the hack. Zynga also notified its users and told them to change their passwords immediately. 

So, how was this hacker able to capture so much data?

Lessons Learned From This Hack

During the Zynga hack, the hacker gained access to plain text passwords and hashed passwords using outdated, insecure SHA-1 cryptography. Unfortunately, Zynga was not storing its users’ passwords securely. This kind of hack could have caused a lot of collateral damage. If Zynga had performed a thorough vulnerability assessment, it could have exposed this flaw early, making the hashed passwords useless to a hacker. 

The insecure passwords put the Zynga users’ other accounts at risk because many people use the same passwords on multiple online accounts; therefore, the hacker might have had the keys to the victims’ email accounts, social network accounts, or even bank accounts.

While Zynga didn’t disclose how the hacker was able to access the user data, hackers usually gain access to a system through vulnerabilities in software. This can be prevented with penetration testing, which will identify those flaws before hackers find them, giving companies time to patch their software.

Preventing a Similar Hack

Security is complicated. A company is risking a data breach if it ignores flaws in its system or puts them on the back burner for later. A penetration test will point out the flaws in servers and applications, which will allow them to be fixed before they become a problem.

threat risk assessment (TRA) will go deeper than a penetration test to vet policies and procedures. As a generally understood security best practice, outdated cryptography, let alone plain text passwords, should not be used.

Share post:

Take the next step to
engage with Canary Trap

If you require our cybersecurity services please share your details below and we will be in touch!

Popup Form

  • This field is for validation purposes and should be left unchanged.

MISSISSAUGA (CAN HQ)

  • 2425 Matheson Boulevard East
  • 8th Floor
  • Mississauga, Ontario
  • L4W 5K4

BUFFALO (USA HQ)

  • 50 Fountain Plaza
  • Suite 1400
  • Buffalo, New York
  • 14202

WINNIPEG

  • 201 Portage Avenue
  • 18th Floor
  • Winnipeg, Manitoba
  • R3B 3K6

TAMPA

  • 4830 West Kennedy Boulevard
  • Suite 600
  • Tampa, Florida
  • 33609

© 2024 Canary Trap. All rights reserved | Privacy Policy To Top