Zynga's September security breach compromised accounts of 173 million Farmville and Words with Friends players

Attacker behind the breach had claimed to have snaffled email addresses, login names and passwords of 220 million accounts

More than 170 million accounts were compromised when Zynga, maker of the popular Farmville game and Words with Friends, was compromised following a security breach in September 2019.

The breach was only acknowledged weeks after the event after a cyber crime group called ‘gnosticplayers' went public. It claimed to have acquired a database of user names and passwords amounting to almost 220 million accounts.

Now, the HaveIbeenPwned website created by security specialist Troy Hunt, has published information from that breach. It reveals that a total of 172,869,660 Zynga accounts were, in fact, compromised.

The user names and passwords were stored as salted SHA-1 hashes, providing a modicum of security in the immediate aftermath of a breach. The data of the de-hashed accounts was passed to HaveIbeenPwned by Dehashed, a company specialising in real-time account monitoring.

At the time, Zynga had opined that "cyber-attacks are one of the unfortunate realities of doing business today", adding that it had "recently discovered that certain player account information may have been illegally accessed by outside hackers."

An investigation was immediately launched, it continued, and law enforcement agencies brought-in, as well as forensic investigators.

"We understand that account information for certain players of certain Zynga games may have been accessed. As a precaution, we have taken steps to protect certain players' accounts from invalid logins, including but not limited to where we believe that passwords may have been accessed."

Security breaches have continued to increase during 2019, with barely a week going by without some kind of significant breach.