I’d Like a Word with You
In fact, I’d like a word with all 218 million of you. Yes, that is the number of users of the popular game Words With Friends, the very one that was allegedly hacked on September 2nd of this year by the Pakistani hacker who uses the alias Gnosticplayers. This recent breach is part of the hacker’s announced intent to put the data of 1 billion users up for sale. And they seem to be making progress, because by April they had reportedly stolen 932 million user credentials from a whopping 44 companies. The compromised companies included Evite, Under Armour, and MyHeritage, sites that almost everyone has come across at one point.
Zynga, the parent company of Words With Friends and its sister game Draw Something, released a statement on September 12th informing users that their data had been compromised but that the company was working to protect user accounts. Details were not provided at that time, but Zynga did plan to “notify players as the investigation proceeds further.” Gnosticplayers reported to The Hacker News that the stolen data includes names, email addresses, login IDs, hashed passwords, phone numbers, and Facebook IDs.
Beyond identity theft and other compromising situations for the users whose credentials were stolen, there is a risk to you as a business owner or manager: you likely have at least one employee who has used this popular game. And given the high likelihood that that user repeats passwords, there is a good chance that their professional passwords match their personal ones. So if Jane in accounting or Sam in sales has been hacked, that data can be cross-referenced with other breaches and with identifying information on LinkedIn about where they work…well, you can see where I’m going here. You might not be in the direct line of fire, but it doesn’t take much effort to put the components together to make a moving part.
Talk to your team. Explain that you need them to update their passwords on all systems to ones that are secure and unique. Be specific, and spell out that they are not to use login credentials that match anything in their personal accounts. Cross-contamination can happen so quickly, and it is your business at risk.
Have a ‘word with your friends’…and colleagues…and employees. It might be the conversation that saves your business.