Zynga Data Breach
Zynga Mobile Game Developer Breach (2019): 172 Million Words with Friends & FarmVille Player Accounts Exposed
Video game developer.
Risk Interpretation
Credential reuse and account takeover risk. Gaming accounts can be used for fraud, resale, or as pivot points into other linked accounts.
Impact & Downstream Threats
The 2019 Zynga breach was significant because it affected a massive consumer gaming user base and exposed data that could be reused beyond the games themselves. Public breach tracking says the incident exposed about 173 million unique email addresses along with usernames and salted SHA-1 password hashes, creating a large credential set useful for password cracking, credential stuffing, phishing, and account takeover attempts across other services where users reused login information.
- Credential stuffing against reused passwords across other platforms
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
Threat Vectors
Breach Intelligence
Executive Summary
Zynga, the mobile game publisher behind Words With Friends and FarmVille, suffered a breach in September 2019 when a hacker known as GnosticPlayers gained unauthorized access to one of its player databases. The attacker claimed to have downloaded records for every Android and iOS user who had installed Words With Friends before September 2, 2019. While Zynga's own public statement acknowledged the breach, independent estimates put the exposed record count at approximately 172.9 million unique accounts. The attack is believed to have involved social engineering, though Zynga has never released a detailed forensic account. The stolen data included email addresses, usernames, login IDs, and passwords stored as salted SHA-1 hashes, a format that is weaker than modern encryption standards and can be cracked with enough computing effort. Many records also contained phone numbers, password-reset tokens, Facebook IDs, and Zynga account numbers. No financial or payment data was stored on the compromised server, so credit card information was not exposed. Even so, the combination of email addresses and crackable passwords gives attackers the core ingredients for phishing campaigns, credential stuffing, and account takeover attempts, particularly against users who reuse the same password across multiple services. Zynga notified affected players and prompted password resets following the disclosure. No major regulatory action was publicly reported in the aftermath. For anyone who played Words With Friends or other Zynga titles before September 2019, the practical risk is that their login credentials may have circulated in criminal markets for years. Changing passwords on any account that shared credentials with a Zynga login remains the most important step affected users can take.
About Zynga
Zynga is a major mobile and social game publisher best known for titles such as Words With Friends, Zynga Poker, and FarmVille. It now operates as a wholly owned publishing label of Take-Two Interactive, with a business centered on free-to-play mobile games, live operations, and long-tail player engagement across a portfolio of casual and midcore titles.
Why They Hold Your Data
Gaming platforms collect user accounts, emails, passwords, and in-game activity data, often tied to social features.
Recent Developments
Zynga remains an active part of Take-Two’s mobile strategy and continues to run large live-service franchises and brand partnerships across its game portfolio. Recent public announcements in 2025 and 2026 highlight major updates to Top Eleven and a cross-title CBS Survivor collaboration, showing that the label is still being used to launch seasonal content, partnerships, and live-ops expansions across multiple games.
Data Points Exposed
Canonical Fields
email_address, password, phone_number, username
Dark Web Verification
- Dataset containing ~172.9M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: Zynga Data Breach;zynga.com-2019
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Zynga
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam