Words With Friends DB Hacked; 620M Accounts Leaked

The word "hacked" is worth 16 points in Scrabble. It's also what appears to have happened to a database of 218 million users of the popular online game "Words With Friends."

A few weeks ago game creators Zynga said it "recently discovered that certain player account information may have been illegally accessed by outside hackers." It didn't give any detail on numbers, but went on to say that account login information may have been accessed. (Source: zynga.com)

Now a hacker has come forth and is attempting to sell the details of 620 million Zynga game accounts, of which 218 million involved Words With Friends. Other affected games appear to include "Draw Something" and "OMGPOP."

Mobile Users Affected

According to the hacker, the breach covers details of anyone who installed Words With Friends on mobile devices (Android or iOS) before September 2, 2019. The stolen data includes details of associated Facebook IDs, but doesn't appear to affect people who have only played on computers.

Other stolen data includes user names, email addresses, phone numbers, account IDs and passwords. It appears that the passwords for Words With Friends are encrypted, which may slow down hackers from accessing them, but it's possible that the passwords may become available later. Zynga says that the OMGPOP database used plain text, meaning that those passwords have been compromised.

There's some speculation that the hacker may have accessed passwords from one breach and used them to try to get into Words With Friends accounts. However, the description the hacker gave and the number of people reportedly affected suggests its more likely the hacker has breached a database rather than individual accounts. (Source: thenextweb.com)

Reused Passwords Risky

Zynga hasn't made any further comment since the hacker made the claims. It previously said it's using forensic experts to investigate and has taken steps to protect affected users against invalid logins.

It's highly recommended that players of Zynga games reset their passwords, especially if the same password was used on multiple services (such as online banking). It's also a reminder that reusing passwords across sites is incredibly risky, even with what seems like a non-sensitive service.

What's Your Opinion?

Do you play Words With Friends or similar games? Have you had any direct contact from Zynga warning of a breach? Do you use a unique password for every site and service online?