
Hack strikes Words with Friends and Draw Something, amid claims 218 million players’ details breached

Players of the popular Words with Friends and Draw Something smartphone games are being advised to change their passwords following what sounds like a security breach at game developer Zynga.

Zynga, which also develops other hit games such as FarmVille and Mafia Wars, posted an advisory earlier this month that the account login details of “certain players” of Draw Something and Words with Friends “may have been accessed”, and shared links with information about how players could change their passwords.

Zynga said that it did not believe any financial information had been accessed, and said that it had informed law enforcement agencies of the security breach. What it did not share, however, was any indication of the scale of a breach involving some of the world’s most popular smartphone games.

However, a report published yesterday by The Hacker News suggests that merely saying (as Zynga did) that “certain players” are affected may be underplaying the scale of the breach.

Pakistani hacker Gnosticplayers told The Hacker News that he managed to extract 218 million records from Zynga’s servers.

According to the hacker, details stolen included:

  • names
  • email addresses
  • usernames
  • hashed passwords, SHA1 with salt
  • phone numbers
  • Facebook IDs (if linked)
  • password reset tokens (if previously requested)

If you are, or ever have been, a player of Words with Friends or Draw Something, my advice would be to change your password and ensure that you are not reusing that same password anywhere else online.

You can find instructions for changing your Words with Friends password here.

You can find instructions for changing your Draw Something password here.

If you have no intention of playing the games ever again, you might go one step further and request that Zynga delete your gaming account and personal data (requests can take up to 30 days).

According to Zynga, players who connected to Draw Something via Facebook Login do not need to take any further action at this time.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
