Gnosticplayers, who is known for dumping nearly 1 billion user records from 44 companies in a series of collection packages earlier this year, has claimed to have hacked social media gaming giant Zynga. The exposed user data, belonging to the games "Words with Friends" and "Draw Something", includes player names, emails, login IDs, Zynga account IDs, hashed passwords (SHA1 with salt), password reset tokens (if requested), phone numbers (if provided) and Facebook IDs (if connected).
The sunsetted "OMGPop" game was also hacked, exposing 7 billion clear text passwords. While most app developers these days know better than to store passwords in clear text, companies need to ensure that old data sets are also properly secured and up to date with the latest standards and best practices.
Consumer password reuse continues to be a pervasive practice, leading to more serious consequences such as account takeover, identity theft, and other privacy and security intrusions. Unique, complicated passwords for each login, along with alerts from a trusted identity theft provider to notify you of exposed credentials circulating in the deep and dark web, are strongly recommended.
“While a breach is always unfortunate, it is encouraging to see that Zynga had sufficient monitoring in place to detect the breach and notify its customers. What is not so encouraging is seeing a subset of several million users' passwords which had been stored in cleartext. In today’s day and age, no company should be storing cleartext passwords,” said Javvad Malik, security awareness advocate, KnowBe4. “With many users frequently reusing passwords, a breach of this nature can lead to other accounts of individuals being compromised, particularly as the breach also contained email addresses.”