UPDATED 19:47 EDT / DECEMBER 19 2019

SECURITY

173M stolen Zynga account credentials find their way online

Nearly 173 million user records stolen from online games maker Zynga Inc. have found their way online.

The theft of the data, which includes usernames, email addresses and encrypted passwords, was detailed today by breach monitoring site Have I Been Pwned, which added the data to its database of breached credentials.

The hack took place in September, with a Pakistani hacker called Gnosticplayers taking credit for it at the time. That hacker claimed to have stolen 218 million records, more than the figure since discovered online. Zygna confirmed the hack Sept. 12, quietly publishing a “player security announcement” that stated that “certain player account information may have been illegally accessed by outside hackers.”

Most of the data stolen in the hack is believed to be related to the “Words with Friends” game, with other data coming from games that include “Draw Something” and “OMGPOP.” It was noted originally that some of the data included cleartext passwords, although that has not been confirmed in the subsequent discovery of the data available online.

Users are naturally being encouraged to reset their passwords for their Zynga accounts as a precaution if they haven’t done so already.

The response, more particularly the lack thereof from Zynga, which has added nothing to its original statement from September, has come in for criticism.

“A company like Zynga has far-reaching access into hundreds of millions of consumers and their devices, based on the games they develop and communities they create,” James Carder, chief security officer and vice president of security intelligence firm LogRhythm Inc., told SiliconANGLE. “Therefore, to initially respond that the hack is ‘one of the unfortunate realities of doing business today’ comes across like an attempt to deflect responsibility when Zynga does in fact have a responsibility to protect its users and their data.”

Chris DeRamus, co-founder and chief technology officer of cloud cybersecurity firm DivvyCloud Corp., concurred, saying that Zynga’s response to its breach demonstrates how some organizations tend to view proper security as an afterthought.

“Companies falsely believe that they are faced with a lose-lose choice of innovating in the cloud and remaining competitive, or prioritizing security but moving at a slower and harming their overall market share as a result,” DeRamus said. “However, this is a false choice – organizations can innovate while remaining secure if they implement the proper security controls as they adopt cloud. An automated cloud security strategy can help organizations detect misconfigurations and other threats, then either alert the appropriate personnel of the issue or trigger automated remediation – all in real time.”

Photo: gamesforchange/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU