How to Protect Yourself from Zynga Data Breach

  • By David Lukic
  • Nov 01, 2021

What Does Zynga Data Breach Mean?

Zynga is an online game developer, and in September 2019, its systems were breached by thieves who stole more than 200 million users’ account data.

A hacker calling himself/herself GnosticPlayers claimed responsibility for the data breach that affected online games like Words with Friends and Draw Something on both the Android and iOS platforms. The breach occurred through a vulnerability allowing the hacker to access a database with user credentials and information.

Zynga Data Breach

The list of information stolen included:

Originally estimates theorized that 200 users may have been affected, but according to Zynga and a database they set up so users could check if they were involved, shows only 173 million users were breached. Zynga was quoted after the breach as saying, “As a precaution, we have taken steps to protect certain players’ accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed. Zynga has begun the process of sending individual notices to players where we believe that notice is required.” 

Due to the fact that many of the mobile game users are minors (as many as 14 million kids could be affected), there are lawsuits pending for retribution. Zynga has also been criticized for not alerting affected users sooner.

When Was the Zynga Data Breach?

The Zynga data breach occurred on September 12th of 2020. Anyone who installed the games before September 2nd was potentially exposed. The gaming company immediately contacted law enforcement, isolated affected accounts, and took quick action to protect customers. They also contacted users and urged them to change their account passwords. Zynga hired security experts to trace the breach back to its origins and help safeguard its platform for the future.

How to Check if Your Data Was Breached

If you had either Word with Friends or Draw Something installed on your device with an account to play during September 2020, your information may have been exposed in the data breach. You should have received notification by now directly from Zynga. They initially had a website where users could check to see if their names/usernames were on the list, but that has since been removed. You can, however, use third-party resources to check to see if your information has been breached or shows up anywhere on the dark web.

What to Do If Your Data Was Breached

If you were at risk, the first thing you should do is change your account password. If you reused that password on other websites, change those immediately also. You might also consider installing antivirus or malware protection on your computer or mobile device and run deep scans often. Be on the lookout for phishing emails. Your stolen email address could be used to lure you into other types of scams or fraud.

What to Do After a Data Breach?

Are There any Lawsuits Because of the Data Breach?

Yes. One class-action lawsuit was initially filed in the U.S. District Court for California by the parents of a minor whose information was included in the data breach. They are asking for $5 million in damages for the incident. The lawsuit claims Zynga failed to protect victims’ personally identifiable information (PII), which could lead to identity theft or fraud. Now that the information has hit the dark web, the claim also says the breach could lead to “further irreparable harm to the plaintiffs’ personal, financial, reputational and future well-being.”

Can My Zynga Information Be Used for Identity Theft?

Yes. Perpetrators of identity theft need very little to begin their work. Once they have an email address, name, or account login details, they can troll the dark web for linked information to pull together an entire profile about you. Unfortunately, access to your information is not always protected adequately, and the result is a fraud, identity theft, or worse.

  • Your email address alone could be used for phishing scams.
  • Your phone number could be used by thieves to call and wage phone scams.
  • If you reuse account logins (usernames/passwords), cybercriminals could potentially hack their way into your other accounts (even bank and credit card accounts) using credential stuffing to steal from you.

Zynga Tells You How to Keep Your Online Gaming Accounts Safe?

In the wake of this attack, Zynga posted an entire page of suggestions on how to keep your mobile gaming accounts safe. Some of the highlights include:

  • “Never give anyone your login name and password for your Zynga account or for the platform on which you play Zynga games (e.g., Facebook, Apple, Google Play, etc.).  Zynga and its employees will never ask for your login information. 
  • Never give out your personal information, like your social security number or full credit card information, to anyone. 
  • As always, be alert to any requests for personal information via email and always verify the identity of the requester.
  • Don’t reuse your passwords. Create a unique and strong password for every account or login you have.
  • Be wary of messages that sound too good to be true (such as advertisements for free chips or virtual currency). 
  • Always use caution when clicking on a link and consider the source. If someone sends you a link to a web page that requires you to input your login or password, close that page immediately. This also applies to links posted on Zynga Fanpages by other players. Just because a link is posted by another player on a Zynga Fanpage doesn’t mean that the link is approved by Zynga. We do our best to take down scammy or phishing posts when we learn about them but be smart before you click.

How to Keep Gaming Accounts Safe?

IDStrong also recommends installing good antivirus/anti-malware software on all your devices and running deep scans often. Use super strong, complex passwords made up of a combination of letters, symbols, and numbers. Use common sense when opening emails and answering unsolicited phone calls. Always be on the lookout for scams and fraud.

About the Author
IDStrong Logo

Related Articles

What is Data Leak and How to Prevent Accidental Data Leakage

Data breaches take many forms, and one of them is through data leak and accidental web exposure. M ... Read More

The Saga of T-Mobile Data Breach: 2013, 2015, 2021 and 2023 Hacks

T-Mobile has experienced a number of data breaches in the past decade. The first case occurred som ... Read More

Anthem Data Breach Exposed 78 Million Records

In the Anthem Data Breach of 2015, hackers were able to steal 78.8 million member’s records. ... Read More

Everything You Need to Know About Insider Data Breach

Data breaches are on the news frequently, but the average person doesn’t really know that mu ... Read More

The NSA Hack, How Did it Happen?

The National Security Agency (NSA) was the main attraction in a major data breach involving three ... Read More

Latest Articles

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

The number of victims caused by the global MOVEit data breach continues to climb; Welltok has announced more exposures, this time from three more health organizations.

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

"Pan American Life Insurance Group Building - New Orleans" by Tony Webster is licensed under CC BY 2.0. Source: Flickr

New York Healthcare Provider Notified 600k Following Network Cyberattack

New York Healthcare Provider Notified 600k Following Network Cyberattack

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County.  ERMI is a "multi-modality radiology center," including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address