What Happened
In September 2019, specifically around August 31, game developer Zynga—known for titles like *Words With Friends*—suffered a data breach when hacker “GnosticPlayers” exploited a vulnerability to access a player database, exposing data from approximately 218 million accounts (estimates range from 173-218 million across sources) for Android and iOS users who installed the game before September 2. Stolen information included email addresses, usernames, login IDs, salted SHA-1 password hashes, password-reset tokens, phone numbers, Facebook IDs, and Zynga account numbers, but no financial data was affected. Zynga publicly disclosed the incident on September 12, invalidated reset tokens, forced password changes, hired forensics experts, notified law enforcement, and informed users, though it faced criticism for delayed and vague notifications, leading to class-action lawsuits over weak security like SHA-1 hashing and lack of multi-factor authentication.
