It’s Time To Secure Your Zynga Account

I love starting off my day with an email from Firefox Monitor that one of my login and password combinations has, once again, leaked out to the web. Today, it’s Zynga’s turn for mea culpas, and I’m starting to regret all those rounds of Words With Friends I’ve played.

According to Have I Been Pwned, the data breach affects a whopping 172.8 million accounts (as of when we wrote this article), which puts it at 10th place on the site’s top-ten list of biggest breaches—not a ranking anyone wants to have.

If this sounds like old news, it’s possible that Zynga has already reached out to let you know that your credentials showed up in the giant leak. The company technically fessed up to the data breach’s existence in September, but here’s why I’m writing about this now: I never recall receiving any kind of email or notification from Zynga, yet my account credentials—according to Have I Been Pwned, at least—show up in the database of user names, passwords, login IDs, phone numbers, and Zynga user names.

Whether you miss Zynga’s message or never receive it is irrelevant; you can easily check to see if your credentials can be found in the breach. To do so, simply pull up Have I Been Pwned and enter the email address you use with your Zynga account. It’s as easy as that.

And while you’re there, I recommend signing up for the “Notify Me” portion of Have I Been Pwned, which is a great secondary way to let yourself know if—really, when—your email address is associated with any big data breach. (I use Firefox Monitor, which is basically the same thing.)

If you were an unlucky Zynga gamer affected by the big leak—and, honestly, even if you weren’t—I recommend changing your password to something strong and unique. Don’t reuse the same password across different websites, something a great password manager can help you figure out.

Otherwise, Zynga doesn’t offer anything like two-factor authentication to keep your account even safer. The best you can do is to remain vigilant about account phishing attempts, which should cut down (or eliminate) any additional security issues.

Comments


Leave a Reply