Words with Friends, Draw Something, and Farmville are among some of the most popular mobile games on the internet. That’s why players were shocked when Zynga, the company responsible for these titles, announced a data breach that impacted millions of users. Whether you use Zynga products or know someone who does, keep reading to find out how to save your account and protect your data in the future. Read More »
On September 12th of 2019, Zynga announced that the company had experienced a data breach. The official announcement mentioned that “cyber attacks are one of the unfortunate realities of doing business today,” but they didn’t discuss the depth of the breach or the number of players who were impacted.
It wasn’t until a November statement by the popular internet security services Have I Been Pwned that users found out about the true nature of the breach. According to Have I Been Pwned, nearly 173 million users had their passwords and email addresses leaked to the internet.
The public wasn’t aware of the full scope of this breach for nearly three months after the event. This left an uncomfortably wide window for hackers to find the information and attempt to access the compromised accounts. Zynga probably could have done more to notify their user base – but either way, it’s important that you take steps to secure your account as soon as possible.
What Information Was Leaked in the Zynga Breach?
Have I Been Pwned listed the Zynga breach in their top 10 largest breaches of all time. Although millions of users were impacted, the breach wasn’t nearly as drastic as it could have been. The released information included:
- Usernames – Your Zynga username was used to identify the leaked data.
- Email addresses – Whatever email address you used to sign up for Zynga services was listed next to your username.
- Passwords – Passwords were leaked as “salted hashes,” which means that hackers still need to decode them before they can gain account access.
Luckily, the breach didn’t seem to include any financial information, IP addresses, or physical accounts. It also didn’t include login information for Facebook or any other platform which might be connected to your Zynga account.
Has Your Information Been Leaked?
After the breach happened, Zynga went out of their way to notify some of the users who had been affected. Unfortunately, they weren’t able to reach all 173 million players. Even if you didn’t receive an email, your data still might have been part of the breach.
The easiest way to deal with a data breach is to update your login right away. Choose something that you haven’t used on other websites, and don’t re-use the same password in the future. If you use your Zynga username on other websites, you should choose new passwords for those services as soon as possible.
If you’re really worried, you can also use a site like Have I Been Pwned to see if you’ve been included in the Zynga breach or in any other breaches across the internet. Don’t run your information through any breach-checking service that asks for more than your email address – they might just be collecting your data.
Is It Still Safe to Use Zynga Products?
One data breach isn’t a sign that more data breaches will happen in the future. Major companies like Zynga usually take immediate steps to correct the security issue that allowed the breach to happen in the first place.
So if you love Words with Friends, keep playing. Just make sure to change your login to something unique that you don’t use on other sites. Don’t forget to check the settings in your account; if you see anything that doesn’t belong to you, contact Zynga support.
How to Protect Your Data in the Future
You can’t prevent leaks from happening, but you can make sure that a single leak doesn’t impact the rest of your accounts. Try these steps for a relatively safe internet browsing experience.
- Use a unique password for every website. It might be difficult to remember this many passwords, but it’s the only way to be sure that leaked information won’t compromise the rest of your accounts. At the minimum, make sure that you have different passwords for your email, online banking, and social media accounts.
- Change your login if you suspect unauthorized access. Hackers only have access to leaked information, and they can’t see any changes that you make. As soon as you update your login, your account should be safe. Don’t forget to check “sign out of all devices” if you have the choice.
- Sign up for account recovery options. Always link your accounts to your phone or to an alternative email address. If a hacker locks you out of your own account, these recovery methods will let you log in and change your information back.
- Be careful about signing up for accounts. Unless you recognize and trust a website, don’t make an account. Be particularly wary of services that ask you to make an account without a good reason; they might just be trying to collect your information.