As per Hacker News, a Pakistani hacker who goes by the name of ‘Gnosticplayers’ – who earlier this year put the credentials of 620 million accounts from 16 websites up for sale – has claimed to have successfully breached Words With Friends to access a database of more than 218 million users.
Pilfered details are said to include players’ names, email addresses, login IDs, hashed passwords, password reset tokens (if requested), phone numbers, Facebook IDs and Zynga account IDs.
According to Gnosticplayers, the breach affects all Android and iOS users who installed and signed up for Words With Friends game on and before 2 September this year.
He also claims to have hacked data belonging to some other Zynga games, including Pictionary-copycat Draw Something and the now-defunct OMGPOP game, which allegedly exposed clear text passwords for more than seven million users.
While Zynga has yet to respond to a request for comment, the company said in a statement earlier this month that it “recently discovered that certain player account information may have been illegally accessed by outside hackers.”
In a statement published over a week ago, Zynga admitted the data breach, revealing that the “account login information for certain players of Draw Something and Words With Friends that may have been accessed,” though the company did not reveal the number of affected users.
“As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds.”
If you have Words with Friends installed, we recommend you reset your password even if you haven’t heard from Zynga.