Zynga hack, passwords stolen etc

If this has been posted elsewhere please do merge, I say this as I really feel that this is the sort of thing that should have at least been flagged with players even if it were a confirmation of whether SGG may or may not also be affected but I can’t recall seeing anything so anyway here goes:

2 Likes

Links

As far as I know, SGG has zero passwords.

My account is saved on Apple Game center.

SGG server has a link to Apple Game center, and an option for a second link to my Facebook account.

Usually both are heavily encrypted and often have expiration date or are single use.

Hackers want passwords not links

(https://www.zdnet.com/google-amp/article/44-million-microsoft-users-reused-passwords-in-the-first-three-months-of-2019/)

Do not share

This does not mean you should share your account info.

Links

([Tips, Help] But I didn't do ANYTHING but my account is trashed/ banned ! or Common mistakes, cons, and other nefarious methods to get your money, trash your account, or get you banned AND How to prevent this from happening)

(Why is showing your game ID a bad idea?)

Quote

5 Likes

Whilst I agree it is unlikely passwords are at risk here - if I thought they were I would have been I would have been recommending that people change them.

However as we know SGG developed their own data analytics for as the SGG CEO put it in one video, the ones currently available didn’t go far enough, the concern players here might have is whether any of that profiling data or even things like purchase history (for as mentioned in the article the data breach was not just limited to just passwords) that can be cross referenced with links to either Google, Apple or Facebook accounts to either identify particular individuals it would be worth the trouble of investigating whether they might be foolish enough to have reused the password for any of those accounts that may have been captured in other data breaches or to put to use to advance a social engineering effort.

1 Like

Live on national TV

You are not wrong.

But.

That is a lot of encryption cracking, for tiny info gains.

If you were going to be hacked through an Apple Game center link, it already happened.

If it did not happen, the link is already stale.

Modern password theft is mostly a target of opportunity since the effort reward ratio is so low.

Dev Tim

SGG, now they should be concerned.

Often staff play their employers products.

If Dev Tim plays a Zynga game, Dev Tim needs to change the password, and any other accounts with that password.

One reason for using a password manager.

(https://lifehacker.com/the-five-best-password-managers-5529133/amp)

Until passwords are ( eventually) replaced.

(https://amp.theguardian.com/technology/2018/apr/11/passwords-webauthn-new-web-standard-designed-replace-login-method)

2 Likes

Is this the reason why they updated their terms of service recently?

There are way more issues to be concerned about than just password theft. The reality is the weakest point in most security is the people involved but social engineering attacks can be time consuming to get right for an uncertain amount of pay off. However if for example you know that your mark is spending a couple hundred a month on a mobile game they become just an interesting enough to pay a bit more attention on with the email account and any profiling information also gleamed you’ve got something to be starting with.

In a public forum like this you can never know the motives of everyone view it so I’m trying to avoid explicitly stating things so as not to potentially put bad ideas in the heads of bad actors that hadn’t thought of them but suffice to say you can still do a lot of damage to people without pinching passwords.

1 Like

What has Zynga done about the security breach to their data servers in September? The breach was huge and user data was mined, but yet Zynga never informed users.

Probably they would have done it, if there were any security issues that could have affected our account data or even the risk of hijacking accounts.

1 Like

Sorry this is the E&P forum? I understand it affected Words with friends & Farmville :confounded:.

1 Like

They informed credit card and reporting companies of the breach. User data was stolen. It goes with responsibility and accountability. It’s common practice for company’s to not tell clients. But then Zynga changed their user agreement to insure they can’t get sued right after. Not a coincidence.
Wondering if anyone has gotten info from Zynga, they aren’t answering queries’s about the breach. Maybe the moderators could get info?

Zynga owns Small Giant, that is E&P.

I think, Zynga only bought E&P, but our data was kept on SG servers.

Always better to keep clients informed, but only if it’s necessary when their data gets stolen.

If not, it just would unsettle them for no reason.

2 Likes

Call me ignorant, but not sure how the hack impacts empires and puzzles.

3 Likes

Curious want Info they can get , I’m connected via apple game centre so don’t know what info they could possibly get anyway

Zynga owns Small Giant. That’s why the questions come up.

But they don’t store anything of interest from us and that tiny string of data is on SG servers, which weren’t the target of the attack.

It’s just an ID related to the login account of google, apple or facebook.

1 Like

Ya think, all transactions are logged how do you think they get their money. Everything you say, do, type is logged, the log files are some of the best sources of information for persons of ill repute that wish to collect data.

1 Like

This is a general response.

Not directed to this particular hack, however, they look for any opening they can expose & use it to find other openings, utilizing all.

Rarely, unless it’s Eq****, or similar, are they getting all of the needed info at one time. Look at it like each one being a piece to a puzzle, with some pieces being more vital than others. Eventually, the puzzle will be complete, it just depends on how many pieces are needed. It takes far more effort in a large company security breach, like mentioned above, than it does for Zynga. Plus, noone really thinks too much into a game center being hacked.

Now, think of 6 degrees of separation(or 4, 3, 10) & they have the extact same info that would’ve taken much more time & effort to get, in almost no time.

The path of least resistance

Farmville has not existed in years. But it was hacked when it was operational.

I just recieved an alert from credit karma today that Zynga data breach happened in September 2019 and my account was affected.

Zynga breach

September 2019

In September 2019, Zynga’s database was allegedly breached. Even if you don’t use your Zynga account anymore, it’s important to protect any info that was exposed.

Anyone receive this alert today?

1 Like

Cookie Settings