Skip to main content

Massive Words with Friends hack exposes 218 million account login details

A hacker has claimed responsibility for a massive breach of the popular mobile game Words With Friends, saying more than 218 million account logins and associated data have been stolen. The hacker, known as Gnosticplayers, told The Hacker News the data comes from Android and iOS versions of the game, and includes everything from names and email addresses, to hashed passwords, phone numbers, and Facebook identification.

Words With Friends developer Zynga released a statement on September 12 regarding a cyberattack, but did not go into the extent of the hack or the numbers involved. It set about reassuring players that it did not believe any financial information had been accessed, but that account login information had. Zynga said it had, “taken steps to protect these users accounts from invalid logins,” and that following further investigation players would be notified of any concerns.

Recommended Videos

The potential severity of the hack has only become clear after Gnosticplayers spoke to The Hacker News. Sample data shared with the site included names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook identification, and Zynga account details. In addition to the Words With Friends hack, Gnosticplayers claimed responsibility for hacking seven million other clear text passwords for accounts from Zynga’s Draw Something and the OMGPOP game, which is no longer available.

Please enable Javascript to view this content

The breach concerns account holders that have logged into Zynga’s games up to and including September 2, 2019. Even more concerning than the hack itself, is where the 218 million or more account details may end up. Gnosticplayers has successfully hacked dozens of other websites during 2019, varying from MyFitnessPal to CoffeeMeetsBagel, and has gone on to sell the account details through the dark web. It’s entirely possible the same thing will happen with the data from the latest hack.

If you play Words With Friends, what is the next step? As with all hacks, the best thing to do is change your password immediately, and also change it on any other sites or services where it was reused. If the service is offered, it’s always advisable to switch on two-step verification, which adds an additional layer of security to some accounts. Be extra vigilant when receiving unexpected emails that claim to be from sites you use requesting details or password changes too.

Zynga has launched an investigation, is working with forensic teams, and has contacted law enforcement about the hack.

Andy Boxall
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
T-Mobile investigating claims of massive hack involving customer data
T-Mobile storefront with corporate signage.

T-Mobile says it’s investigating claims of a major data breach that may affect as many as 100 million of its customers.

A message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company's customers were at the center of the alleged hack. The figure of 100 million would be remarkable as it's almost equal to T-Mobile's entire customer base.

Read more
iPod hack puts 50 million Spotify songs in your pocket
ipod hack puts 50 million spotify songs in your pocket streaming device

 

When the iPod music player launched in 2001, Apple went with the slogan, “1,000 songs in your pocket.”

Read more
Three charged in massive Twitter hack
Twitter Bitcoin

 

A 17-year-old male from Florida has been arrested for being the alleged "mastermind" behind the massive Twitter hack that targeted high profile accounts with a Bitcoin scam, according to prosecutors.

Read more