Two individuals have filed a class-action complaint against Zynga following a 2019 data breach that reportedly affected more than 172 million people. Zynga admitted to the data beach wherein “certain player account information” was obtained by hackers in September 2019. It said at the time that account login information for Draw Something and Words With Friends users were accessed, but the company said it did not believe financial information was accessed.
In December 2019, security website Have I Been Pwned said the data breach ranked 10th as one of the largest user information hacks. Zynga has not confirmed the size of the breach.
A hacker named Gnosticplayers told The Hacker News in 2019 he accessed names, email addresses, login IDs, phone numbers, hashed passwords, Facebook IDs, and more within the data breach. He also said he uncovered “clear text passwords” for more than 7 million OMGPOP users. (OMGPOP developed Draw Something and was acquired by Zynga in 2013.)
Lawyers for the two plaintiffs are filing the class-action lawsuit for Zynga’s “failure to reasonably safeguard” player information and the company’s failure to notify users in a timely manner. They also suggest Zynga “unconscionably” deceived users regarding the safety and protection of their user information. The plaintiffs said a large number of minors were implicated in the breach.
Zynga is an American company that’s created popular mobile and social games like FarmVille, Words With Friends, and Zynga Poker. In 2019, it reported a daily active user base of 20 million, according to USA Today. One hundred million players reportedly boot up its apps monthly.
The plaintiffs and millions of others are at “an imminent risk of fraud” for years to come “as a result of the data breach and Zynga’s deceptive and unconscionable conduct,” according to the lawsuit.
Zynga has not responded to Polygon’s request for comment.