What happened
According to public breach records, the Zynga data breach on September 1, 2019 is reported to have exposed the personal information of 172,869,660 accounts.
In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.
Passwords in this breach were reportedly stored as SHA-1 hashes.
In September 2019, mobile game developer Zynga disclosed that "certain player account information may have been illegally accessed by outside hackers," in a breach affecting its Words With Friends game. A hacker using the alias "Gnosticplayers" claimed responsibility, and the exposed data — covering roughly 172.9 million accounts — included email addresses, usernames, phone numbers, and passwords stored as salted SHA-1 hashes. Zynga said it engaged third-party forensics firms and contacted law enforcement to investigate the incident.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
- Phone numbers
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Zynga |
| Date | September 1, 2019 |
| Accounts affected | 172,869,660 |
| Domain | zynga.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Zynga; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Zynga password immediately, and change it anywhere else you reused the same login — salted SHA-1 hashes can still be cracked, especially for weaker passwords.
- Enable two-factor authentication on your email and any accounts that shared the breached password.
- Treat unsolicited emails and texts referencing your gaming accounts as potential phishing, since email addresses and phone numbers were exposed.
- Use a unique password per site (a password manager helps) so a future credential leak can't be replayed across your accounts.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Exclusive — Hacker Steals Over 218 Million Zynga 'Words with Friends' Gamers Data
- Have I Been Pwned: Zynga Data Breach
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →