172 million poorly secured passwords have been leaked from game maker Zynga
More than 170 million usernames and passwords of game developer Zynga have been stolen in a hack. The maker of Words With Friends and Farmville, among others, was hacked in September this year. Now it appears that millions of accounts have been stolen.
This concerns exactly 172,869,660 unique accounts, according to data published by Have I Been Pwned. This mainly concerns usernames and passwords. In some cases, phone numbers and linked Facebook identities have also been leaked, provided users gave them to Zynga. The data comes from a hack on the popular Words With Friends. The passwords that were stolen are hashed and salted, but the encryption is a SHA-1 algorithm that hasn’t been very secure for years. In addition, plaintext passwords may have been stolen from seven million users in a hack on an older game called OMGpop.
It had been suspected for some time that Zynga had been hacked. Back in September, Hacker News spoke to a hacker called Gnosticplayers. He said he hacked Zynga and stole 218 million records. Zynga confirmed this in September, although it was not yet known how many records were involved. The actual number is now lower than the hacker initially claimed, but that may be explained by the fact that Have I Been Pwned was unable to verify all records. The hack on Zynga is still very large with 172 million users: in the Have I Been Pwned database it is the tenth largest data breach ever.