Gnosticplayers, a hacker well-known for stealing and selling data, recently claimed to have breached the mobile game maker Zynga and accessed 218 million user records.
In September 2019, Zynga announced that a cybersecurity incident had occurred that may have compromised the account login information for some players of Draw Something and Words with Friends. The organization did not share any details or the number of users affected. Zynga said it had taken measures to protect the breached accounts.
The Hacker News reported that Gnosticplayers stated that s(he) stole data from all Android and iOS players who signed up for Words with Friends before September 2. The stolen data included names, email addresses, login IDs, hashed passwords, password reset tokens (if ever requested), phone numbers (if provided), Facebook IDs (if connected), and Zynga account IDs. Gnosticplayers provided samples of the stolen data to The Hacker News.
Gnosticplayers posted 93 million stolen records for sale on the dark web in February 2019; 26 million records in March 2019; and 139 million records in May 2019. Doug Olenick "The word is out: Zynga was breached" scmagazine.com (Sep. 30, 2019).
Password safety is one of your most important tools for keeping your personal and business accounts protected. With hackers stealing passwords for online accounts constantly, it is important that you follow password best practices.
The average user is expected to have 200 online accounts by 2020. The sheer number of passwords to create and remember may tempt you to reuse passwords for some or all of your accounts. However, doing so is a critical mistake.
Unique passwords are an absolute must to protect you from credential stuffing attacks. If a hacker accesses just one of your passwords from an organization and sells it online, the buyer can now access any of your accounts that use the same password. Even if you do not share your credit card on that particular account, if you use the same password on an account with your personal data, you put it in jeopardy.
Long passwords are essential to protect your account from a brute force attack. Hackers use technology that can process millions of password attempts per second to guess your password. The longer and more random your password, the less likely a hacking tool can guess it. Passwords should be a minimum of 16 characters long.
However, the recommendation to create an overly complex password has changed in recent years, because computers are capable of guessing random character combinations, while humans struggle to remember them. Yet computers still struggle with long passwords, no matter the complexity. As a result, length is key.
Your long passwords do not have to be a mix of letters, numbers, and special characters. Your password can be a passphrase of all letters, as long as it is sufficiently lengthy and also random. Using a password generator can help you string together random words. Using a common phrase or words that make sense together makes your password much easier to guess.
Of course, unique, strong passwords won't keep you safe if you give them to cybercriminals. Never share a password in response to an email request. Install software to protect against malware and keep your operating system updated.
In addition, never store your passwords in a text file. Such files are easy for hackers to steal and would give them access to all of your accounts. Either write passwords down on paper that you store in a locked safe or use a password manager or otherwise encrypt your digital passwords.