A hacker going by the name Gnosticplayers has claimed to obtain access records of 218 million players of Words with Friends which includes names, email and login IDs, hashed passwords, Facebook IDs and phone numbers. If a user has signed up for Words with Friends as recent as last month, then it is best to change the password as soon as possible since there lies a possibility of the data being stolen and misused.
Cracking a hashed password can be very simple if it is a commonly used term or a simple word or if the original encryption is weak. Thus it is considered a best practice to change the passwords on remaining social accounts where the same email address and password are used. More damage can be caused in these sites than just attacking a simple game like Words with Friends. Security experts thus advice to use different passwords and login details for various social media applications and websites. Any breach of data on one application does not affect any of the remaining ones.
Zynga, the developer of Words with Friends said that they discovered some player account information to be accessed by external hackers. They initiated immediate investigation along with the assistance of leading forensic firms and the support of law enforcement.
As the world goes more and more digital, the threat of such attacks increases and the users are often left vulnerable since it is their data which is being tampered with. Millions of user credentials are being leaked out every year even with big giants such as Facebook.
However, there are certain tips to prevent these damages. One of them includes using unique and long passwords for every account. Using password managers can also help so that you need not remember every password. It is also advised to use the advantage of two-factor authentication wherever provided. Most major accounts including Google, Facebook, Apple support this. Besides the password, this method requires entering the unique code sent to the user’s mobile number in every login attempt.
Users should also delete their old accounts which they decide not to use anymore. People often uninstall the application and forget but it does not end there. The user should delete their entire account information from the application or contact the developer if such an option is not provided. If all of these practices are followed, then it is highly unlikely for a user to have his/her information compromised. We should learn to protect our data and keep ourselves safe.