The personal information of 218 million Zynga users has been stolen in a data breach orchestrated by prolific Pakistani hacker Gnosticplayers, according to Hacker News. The cybercriminal involved was allegedly behind the Collection #1 and Collection #2 data dumps at the start of 2019.
Zynga is home to some of the best known social games, including the likes of Farmville, Mafia Wars and Zynga Poker. The majority of those affected by the hack were Words with Friends players.
To understand more about the data breach, Digital Journal caught up with Frederik Mennes, Director Product Security at OneSpan. Mennes began by explaining the significance of the incident: “This is a significant breach, affecting the majority of Words with Friends players.”
Mennes explains that “with criminals trading assets in underground forums, data from this breach could easily be cross referenced with information lying elsewhere to bypass authentication. For the more high-risk accounts like banking accounts, this poses a very real fraud threat.”
He also recommends that those affected review their security status: “Those impacted should act fast to change their password, including on other accounts if the password has been reused. This is important because the exposed credentials can be used by criminals in credential stuffing attacks to cause maximum damage across other accounts.”
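The credential stuffing Mennes refers to has a recognisable footprint on the service side: one source tries leaked username and password pairs against many different accounts in a short time, and most of those attempts fail. The following is an added example, not code from the article, from Zynga or from OneSpan. It runs a simple sliding-window detector over a handful of constructed authentication log lines (the log format, addresses and usernames are all made up for illustration) and reports, per suspicious source, how many distinct accounts were tried and which logins succeeded, since those are the accounts a defender should force to reset their passwords.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data): timestamp, source IP, username, outcome.
# 203.0.113.7 tries six different accounts in a few seconds and gets into one of them.
# 198.51.100.9 is a single user mistyping their own password, which should not be flagged.
SAMPLE_LOG = """\
2019-09-30T10:00:01Z 203.0.113.7 alice FAIL
2019-09-30T10:00:02Z 203.0.113.7 bob FAIL
2019-09-30T10:00:02Z 203.0.113.7 carol FAIL
2019-09-30T10:00:03Z 203.0.113.7 dave FAIL
2019-09-30T10:00:03Z 203.0.113.7 erin SUCCESS
2019-09-30T10:00:04Z 203.0.113.7 frank FAIL
2019-09-30T10:00:05Z 198.51.100.9 alice FAIL
2019-09-30T10:00:20Z 198.51.100.9 alice FAIL
2019-09-30T10:00:40Z 198.51.100.9 alice SUCCESS
2019-09-30T10:05:00Z 192.0.2.33 bob SUCCESS
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "SUCCESS"


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.6):
    """Flag source IPs that, within any `window`, attempt logins against at least
    `min_users` distinct accounts with a failure ratio of at least `min_fail_ratio`.

    Returns {ip: {"distinct_users", "attempts", "fail_ratio", "compromised_logins"}},
    keeping the widest matching window seen for each flagged source. Thresholds are
    illustrative assumptions; tune them to the service's normal login behaviour.
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e[0])
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start so that evs[start:end+1] spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                prev = flagged.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    flagged[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "fail_ratio": round(ratio, 2),
                        # Accounts the source actually got into: reset these first.
                        "compromised_logins": sorted(u for _, u, ok in win if ok),
                    }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, stats)
```

The key signal is the number of distinct usernames per source rather than the failure count alone: a legitimate user locking themselves out produces many failures against one account, while a stuffing run spreads a low per-account attempt count across many accounts. In a real deployment the same logic would be fed from the authentication service's logs and combined with the breached-password check Mennes describes, so that accounts whose passwords appear in a known dump are reset before the successful login ever happens.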
In terms of preventative actions, Mennes notes that the days of relying on passwords alone are fading away: “If this doesn’t highlight the need for security to reach beyond the password, then not much else will.”
Instead it is time for multi-factor authentication: “We should know by now that using a combination of multiple, layered authentication technologies gives companies, and users, the best chance.”
With this, Mennes notes, companies “should be upgrading their authentication procedures to more intelligent methods to mitigate the fraud risk in the aftermath of attacks such as this. This technology should combine multiple authentication techniques, whether that’s fingerprints, behavioural biometrics or one-time passwords.”