Skip to main content

Massive Words with Friends hack exposes 218 million account login details

A hacker has claimed responsibility for a massive breach of the popular mobile game Words With Friends, saying more than 218 million account logins and associated data have been stolen. The hacker, known as Gnosticplayers, told The Hacker News the data comes from Android and iOS versions of the game, and includes everything from names and email addresses, to hashed passwords, phone numbers, and Facebook identification.

Words With Friends developer Zynga released a statement on September 12 regarding a cyberattack, but did not go into the extent of the hack or the numbers involved. It set about reassuring players that it did not believe any financial information had been accessed, but that account login information had. Zynga said it had, “taken steps to protect these users accounts from invalid logins,” and that following further investigation players would be notified of any concerns.

The potential severity of the hack has only become clear after Gnosticplayers spoke to The Hacker News. Sample data shared with the site included names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook identification, and Zynga account details. In addition to the Words With Friends hack, Gnosticplayers claimed responsibility for hacking seven million other clear text passwords for accounts from Zynga’s Draw Something and the OMGPOP game, which is no longer available.

The breach concerns account holders that have logged into Zynga’s games up to and including September 2, 2019. Even more concerning than the hack itself, is where the 218 million or more account details may end up. Gnosticplayers has successfully hacked dozens of other websites during 2019, varying from MyFitnessPal to CoffeeMeetsBagel, and has gone on to sell the account details through the dark web. It’s entirely possible the same thing will happen with the data from the latest hack.

If you play Words With Friends, what is the next step? As with all hacks, the best thing to do is change your password immediately, and also change it on any other sites or services where it was reused. If the service is offered, it’s always advisable to switch on two-step verification, which adds an additional layer of security to some accounts. Be extra vigilant when receiving unexpected emails that claim to be from sites you use requesting details or password changes too.

Zynga has launched an investigation, is working with forensic teams, and has contacted law enforcement about the hack.

Editors' Recommendations

Andy Boxall
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
Some accounts had private messages stolen in Twitter hack
Twitter symbol photo. Credits: Twitter official.

Twitter has shared more details about how dozens of high-profile accounts were accessed and used to promote a cryptocurrency scam this week.

Twitter has already revealed that around 130 accounts were targeted in the hack, including accounts of prominent political figures like Barack Obama and Joe Biden as well as cryptocurrency enthusiasts Elon Musk and other celebrities like Kanye West.

Read more
Twitter says 130 accounts were targeted in massive Bitcoin hack
Twitter Bitcoin

Twitter has released more information about the major hack it suffered on Wednesday, July 15 that resulted in a large number of high-profile accounts tweeting messages as part of a Bitcoin scam.

In several tweets posted on Thursday evening, the company said that around 130 accounts had been targeted in the breach, which is thought to have been enabled after the hackers convinced a number of Twitter employees into giving access to the social media site’s systems.

Read more
FBI moves in to investigate Twitter’s massive Bitcoin hack
Twitter symbol photo. Credits: Twitter official.

The Federal Bureau of Investigation (FBI) is now examining the major hack that hit Twitter on Wednesday, July 17, in a bid to find out who was behind the incident, the Wall Street Journal reports

Twitter accounts belonging to Barack Obama, Joe Biden, Bill Gates, Elon Musk, and Jeff Bezos, among other high-profile users of the microblogging service, were hit in a scam that involved a fake tweet encouraging followers to send payments to a Bitcoin wallet. It had some success, too, as data on showed that more than $115,000 via 392 transactions was sent to the Bitcoin wallet posted in the messages.

Read more