The bigger they come, the harder they fall, the old saying goes – or in this case, the more popular the game, the more user data is at risk, should hackers get access to it.
That’s reportedly what’s happened with smash mobile hit Words With Friends. A hacker by the name of Gnosticplayers claims to have got hold of 218 million player records, which include names, email addresses, login IDs, hashed (scrambled) passwords, phone numbers, and Facebook IDs.
If you signed up for Words With Friends before last month, when the breach occurred, your data might well be among the stolen credentials: so it’s a good idea to go and change your Words with Friends password as soon as you can.
While hashed passwords do require some cracking, that cracking process can be relatively straightforward, especially on simple or commonly used passwords, or where the original encryption was low-level. (Wired has a good explainer about the intricacies here.)
Perhaps more importantly, you should also change the passwords on other accounts where you’re using the same email address and password, and where unwelcome visitors could do more than just mess up your Words With Friends high scores.
This is an example of why security experts recommend that you don’t use the same login details and passwords across numerous apps and sites – if one of them gets hacked, then the others are all at risk too.
Words With Friends developer Zynga has yet to comment on specifics, but did post a statement several weeks ago about a possible data breach. According to Zynga, no financial or payment data has been exposed.
“We recently discovered that certain player account information may have been illegally accessed by outside hackers,” says Zynga. “An investigation was immediately commenced, leading third-party forensics firms were retained to assist, and we have contacted law enforcement.”
Unfortunately there’s very little that users can do to avoid falling victim to these huge data breaches. Every year millions of user account credentials leak out on the web, with even the big names like Facebook liable to get hit.
There are ways of minimising the damage though, including using long and unique passwords for each of your accounts – if you struggle to remember them all, consider enlisting the services of a password manager. Browsers like Firefox, Chrome, Edge and Safari will now offer to remember all your passwords, too.
In addition, turn on two-factor authentication wherever it’s offered (most accounts now support it, including ones you create with Apple, Google, Microsoft, Facebook and Twitter). It means another piece of information – usually a code sent to your phone – is required to log in, besides your username and password.
One more tip: delete and disconnect old accounts you no longer use, whether that’s social networks or games. In other words, don’t just uninstall apps from your phone, but actively delete the associated accounts (the option should be somewhere in the settings).
These steps don’t make you invulnerable to data breaches like this one, but they make it much harder for someone to use credentials that get leaked to access your accounts.
A little bit of common sense and focus can go a long way, too – around a third of data breaches are caused not by hackers, but by human error. Stay safe out there.