Available 24/7

Seven Days A Week

720.372.2824

Call Us For A Free Consultation

Facebook

Twitter

LinkedIn

 
FDAzar > Zynga Data Breach Class Action

Zynga Data Breach Class Action

Zynga, one of the largest social game developers, was the victim of a hack and a resulting data breach along with over 218 million of their users. Zynga is the developer of popular smartphone gaming apps, including Words with Friends, Farmville, and many more.

 

If you have installed and played one or more of these games on your smartphone, then your information may have been compromised. It is best to take steps to protect yourself if you think there is a possibility your information was susceptible to the breach. And of course, it is always a good idea to speak with an attorney with experience in data breach cases. You can speak with any of our experienced attorneys for free at 1-855-622-7613 or by emailing us at databreach@fdazar.com

How do I know if I was affected by the data breach?

Zynga is currently stating that the breach is known to have affected anyone who installed and played the game “Words With Friends” on Android or iOS prior to September 2, 2019.  The breach is also thought to have impacted at least 7 million more users of the games “Draw Something” and “OMGPOP.” It is unclear at this time how many other users may have been compromised.  It is possible that millions of users of other gaming apps could have been impacted as well, since Zynga is the owner of some of the most popular smartphone games including Zynga Poker, Farmville, and Mafia Wars.

 

Although no official date has been released, the data breach is thought to have taken place in early September 2019. However, Zynga didn’t release any notification of the breach until September 12th 2019, and the breach was not widely known until Hacker News issued an exclusive report on the matter on September 29, 2019. Often, in the wake of a data breach, a company will issue individual notifications to affected customers, however it is unknown at this time if Zynga plans on issuing notifications to individuals impacted by the breach.

When did Zynga first become aware of the breach?

This is a very good question and one that we will be investigating in the coming weeks/months.  As stated, it is unknown when exactly they first realized there was an issue, however, they knew by September 12, 2019 at the latest, according to an under-the-radar statement released on that date, which you can read here. A few weeks later, Zynga released this updated announcement.

 

It is important that when there is a data breach that the company impacted act quickly and appropriately to minimize the damage, and we will be investigating to determine if Zynga did so in this case.

What information was compromised during the breach?

According to Zynga, the information that was exposed in the hack includes, but is not limited to, the following:

 

    • Names
    • Email addresses
    • Login IDs
    • Hashed passwords, SHA1 with salt
    • Password reset tokens/access tokens
    • Phone numbers (if provided)
    • Facebook ID (if connected)
    • Zynga account ID

 

Zynga has stated that their “current understanding” is that no financial information was compromised in the breach.  However, they also concede that they just recently launched an investigation into the matter.  Based on our experience, the nature of data breaches are so complex and broad that companies cannot expect to have a full picture of what data was actually compromised until weeks, or even month after the breach. It is always a good idea to keep a close eye on your financial accounts and potentially replace and cards or account info that you feel may have been compromised.

What is an Access Token?

Access tokens operate online as an “automatic super password,” embedded with all of a user’s security information which allows a user to log in numerous times without typing out their username and password each time. This makes them particularly valuable, and particularly harmful when compromised. Access tokens carry specific value to malicious third parties because once a user’s access token is compromised, all tokens from that user’s shared or connected web applications could potentially become accessible.  In such cases, anyone with access to the token could potentially reset all other user data permissions and steal the tokens of all connected applications without alerting the original user.

The Class Action Attorneys at FDAZAR

FDAzar is one of the largest plaintiff law firms in Colorado, known for championing the rights of individuals who have suffered damages at the hands of large corporations.  The firm is currently prosecuting data breach Class Action cases against Facebook, Marriott, Quora, and Capital One.

 

Over the past 30 years, our attorneys have secured more than $1.5 billion in compensation for our clients. Our class action department is staffed with experienced and knowledgeable attorneys who focus on litigating large, complex cases.

 

If you have suffered damages as a result of unfair business practices, data breaches, or corporate misconduct, the class action attorneys at FDAzar may be able to help. Speak with a member of our class-action team today or contact us here. The consultation is free.

Frank Azar and Associates’ Zynga Class Action Team

Contact Us Now

Free Consultation