One of the most popular mobile games in the United States has reportedly been breached by a prolific hacker.
The Hacker News originally reported that the Pakistani hacker, who goes by the alias Gnosticplayers, told the outlet that on and before September 2 he was able to access data belonging to all players who installed the game on iOS and Android—which would apparently amount to 218 million users.
On September 12, Word With Friends parent company Zynga released a statement informing users that their data from Words With Friends and popular sister title Draw Something had been compromised. “We recently discovered that certain player account information may have been illegally accessed by outside hackers,” the statement reads. “While the investigation is ongoing, we do not believe any financial information was accessed.”
A company spokesperson would not provide Gizmodo any further information, or say how many users are affected.
According to a sample Gnosticplayers sent to The Hacker News, the stolen data includes names, email addresses, login IDs, hashed passwords, phone numbers, and Facebook IDs.
Zynga said it has “taken steps to protect these users’ accounts from invalid logins” and plans “to notify players as the investigation proceeds further.”
In February, Gnosticplayers told ZDNet he hoped to put the data of one billion users up for sale. By April he had reportedly stolen about 932 million user records from 44 companies, including Evite, UnderArmour, and My Heritage.
If you play Words With Friends, change your password now. And put at least as much effort into it as you would trying to finding a word that’s almost all vowels