Zynga’s Breach Saga
Zynga Inc has started back in 2007 and acquired Farmville after two years to become one of the prominent game operators in its space. It further developed games like CityVille, Hit It Rich, Zynga Poker, CSR racing, etc. Its games are available on Android/iOS and with Facebook. It sources revenue by displaying ads via its games. Further by selling virtual items within games and licensing its brands. The whole story here is about the data breach on one of its games, Words with Friends. Securing the passwords here is of two-layered, salting and hashing. This makes the hacker, even after obtaining the database, is hard for tuning them into really usable passwords. Yet, the beached happened and every user given data to the company is at stake. The breach, sized about 172,869,660 in total accounts, consisted of usernames passwords and email IDs of those players. Further, few people who’ve given their Facebook IDs and phone numbers were breached! Have I Been Pwned, ranking this breach as tenth worst if their list, says the details of this breach were given to it by team HIBP from dehashed.com? Zynga has openly admitted of being hacked in September this year saying,
OMGPop Too?
News website Hacker News claims to have talked with the hacker of this incident, who goes by an online alias name, Gnosticplayers. The hacker(s) claims to have stolen other minor databases of Zynga’s, as one such is a discontinued game called OMGpop. This breach was claimed to be of 7 million passwords of users. If you’re player of either of games or anything, you should be changing your passwords often. This is the only securing way. And if you’re unsure of being hacked in any of your online accounts, use haveibeenpwned.com to verify whether your email is used anywhere else on the internet. Another suspicion is about Zynga’s Director Ellen F. Siminoff selling about 5,000 shares of his stock in the company on Monday, December 16th. He made over 30,000 from the transaction that was disclosed in a legal filing with the SEC. The correlation of these events of breach announcement and selling off shares gets to be assessed.