Have you been Zynged? Who’s playing with your data even after you changed your breached credentials?
Fact: Zynga, the California-based social game developer, suffered a major data breach in 2019 when a malicious actor stole 218 million records belonging to “Words With Friends” players. The attacker managed to steal the names, email addresses, usernames, hashed passwords (salted), associated phone numbers, linked Facebook IDs and any requested password reset tokens.
If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already. But have you considered resetting the passwords for any online accounts with similar login credentials?
Why changing only the breached credentials is not enough
Users who sign up on the platform mainly provide their personal information directly during the setup process. This information includes names, usernames, gender, birth date, email address and profile photo. However, once engaged on the platform, users may further expand their profile information by:
- linking to their social media networks
- adding a phone number
- setting game preferences
- participating in message boards and forums
- sending or receiving game invitation requests
- using the chat feature
- other user-generated content
Financial information provided when purchasing in-game cosmetics and upgrades is processed via third-party applications or platforms, and is not stored directly by Zynga, but the developer may still receive non-financial information purchases such as your name and a list of items you buy.
Additional technical information about the devices you use in your online gaming sessions may also be collected and analyzed. These data sets may include IP addresses, operating systems, browser type, game time and web page interactions.
In other words, collecting your data is a process in which you are more directly involved than you might think.
Although people have become increasingly aware of data collection processes, willingly giving out their personal information, they may not fully comprehend the extent and ways data is stored and analyzed for profit.
It may seem a reasonable and straightforward exchange to benefit from services at first. However, as long as data-driven environments exist, their risk of becoming a target for malicious actors increases sevenfold.
Social networking and online gaming platforms are prime targets due to the customer-rich data environment fostered by millions of new and existing users.
Protect your info by upgrading your privacy standards
The widespread adoption of data analytics and data mining on online platforms certainly leaves room for debates over user privacy and security risks. Like any user, we expect the information we share to be kept safe. But we can’t always rely on companies to protect our data for various reasons, including human error.
Wherever your online activities take you, it’s vital to brush up on good digital practices. Whenever a data breach exposes names, email addresses and phone numbers, users may become targets of phishing and scams.
Always be suspicious of any message requests and unsolicited correspondence you receive — via any means of communication.
If you were a victim of the Zynga data breach, you’ve probably changed the password for your account already. But have you considered resetting the passwords for any online accounts with similar login credentials?
As an extra security-focused step, create a separate email address to use when signing up to an online gaming platform, and avoid linking with your social media accounts, and adding your phone number where possible.
Check if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.