Gaming company Zynga Inc. becomes a victim of hackers; 218 million players affected

A cybersecurity incident has impacted Zynga Inc., a popular social media video game company. According to information security specialists, the incident has compromised the personal information of nearly 220 million users worldwide.

Through an official statement, the company reported that Gonsticplayers, a hacker from Pakistan managed to compromise the security of Words with Friends, a game developed by the company, gaining access to a database with more than 218 million records of players. Gnosticplayers has been involved in various hacking incidents over the past few months.

“We found that a threat actor was able to illegally access details of multiple player accounts. The incident was immediately investigated in collaboration with leading authorities and information security firms,” the Zynga statement says.

The company added that the investigation has not yet been concluded, but the possibility that the hacker had accessed the victims’ financial information has been ruled out. However, access to some of the compromised accounts has been detected. “We are taking some security measures against these invalid logins,” the statement says.

In one of his previous attacks, Gnosticplayers managed to hack the contents of more than 25 million people, collected by at least six large companies in the entire world. The hacker has been active in multiple dark web forums, offering this stolen information for 1.3 Bitcoin (just under $5k USD).

Information security specialists from the International Institute of Cyber Security (IICS) assure that Gnosticplayers controlled an account at Dream Market, the popular forum for sale on dark web. Through this forum, the hacker offered three rounds of data stolen from different websites. Gnosticplayers was subsequently held responsible for a considerable data breach in the Canva web design platform; Personal details of more than 130 million users of the Australian website were compromised, including full names, email addresses and country of residence.