A breach in September exposed the data of about 218 million Words with Friends users, according to multiple reports.
The breach was disclosed to users by Zynga, the mobile video game company behind Words with Friends and other in-app games, on September 12. The company didn't disclose how many people were affected.
The Hacker News was the first to report the number of people affected by the data breach.
"While the investigation is ongoing, we do not believe any financial information was accessed," Zynga wrote in the September press release. "However, we have identified account login information for certain players of Draw Something and Words With Friends that may have been accessed. As a precaution, we have taken steps to protect these users’ accounts from invalid logins. We plan to further notify players as the investigation proceeds."
According to The Hacker News, the following information was compromised in the breach:
- Email addresses
- Login IDs
- Hashed (scrambled) passwords
- Password reset tokens
- Phone numbers (if provided)
- Facebook ID (if connected)
- Zynga account ID
Though Facebook IDs were affected, passwords for the social media site were not stolen, Zynga said.
Security experts told Consumer Reports that users should change their passwords even if they aren't sure if they were hit by the data breach.
Zynga is behind many popular mobile games, including FarmVille, Mafia Wars and Café World.
The data breach affected both Android and iOS game players who installed and signed up for Words With Friends on or before September 2, 2019, according to Hacker News.