
Zynga Data Breach Analysis

Introduction

Zynga is an American social game developer. The company was founded in April 2007 with headquarters in San Francisco, California, United States. The company has a mission to “connect the world through video games”.

The company has developed multiple well-known games including FarmVille, Zynga Poker, Words With Friends, Mafia Wars and Empires & Allies amongst others.

Zynga acknowledged the breach in September 2019 – in total, the data breach contains 206,267,210 records including duplicates and 150,363,954 records without duplicates.

What data is at risk?

The leaked data includes usernames, email addresses, dates of some sort (presumably registration and last visit dates), phone numbers and passwords hashed with the SHA-1 algorithm.

Email addresses

50 of the most frequently used email domains on Zynga can be seen below:

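| # | Email Domain | Frequency |
|---|---|---|
| 1 | gmail.com | 57,066,237 |
| 2 | yahoo.com | 31,705,551 |
| 3 | hotmail.com | 19,621,241 |
| 4 | aol.com | 6,208,662 |
| 5 | zyngawf.com | 3,385,626 |
| 6 | comcast.net | 2,007,109 |
| 7 | hotmail.co.uk | 1,833,752 |
| 8 | icloud.com | 1,742,705 |
| 9 | live.com | 1,646,972 |
| 10 | msn.com | 1,229,160 |
| 11 | ymail.com | 1,033,850 |
| 12 | outlook.com | 996,471 |
| 13 | sbcglobal.net | 943,419 |
| 14 | me.com | 805,438 |
| 15 | att.net | 708,214 |
| 16 | verizon.net | 665,298 |
| 17 | aim.com | 648,613 |
| 18 | yahoo.co.uk | 620,792 |
| 19 | hotmail.fr | 547,208 |
| 20 | qq.com | 500,120 |
| 21 | cox.net | 471,127 |
| 22 | googlemail.com | 426,282 |
| 23 | rocketmail.com | 409,631 |
| 24 | bellsouth.net | 398,100 |
| 25 | live.co.uk | 343,250 |
| 26 | gmail.con | 327,016 |
| 27 | btinternet.com | 298,615 |
| 28 | bigpond.com | 279,067 |
| 29 | zynga.com | 264,152 |
| 30 | charter.net | 241,341 |
| 31 | yahoo.con | 220,323 |
| 32 | mail.com | 213,373 |
| 33 | web.de | 212,789 |
| 34 | mac.com | 204,985 |
| 35 | optonline.net | 199,181 |
| 36 | mail.ru | 188,894 |
| 37 | yahoo.com.au | 187,014 |
| 38 | live.com.au | 180,759 |
| 39 | hotmail.it | 169,146 |
| 40 | gmx.de | 162,993 |
| 41 | yahoo.ca | 162,234 |
| 42 | yahoo.fr | 162,115 |
| 43 | sky.com | 157,304 |
| 44 | Gmail.com | 147,545 |
| 45 | naver.com | 141,011 |
| 46 | live.fr | 125,987 |
| 47 | earthlink.net | 122,485 |
| 48 | 163.com | 118,299 |
| 49 | libero.it | 115,875 |
| 50 | orange.fr | 114,819 |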

From the list above we can make assumptions about the locations of Zynga users:

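| # | Domain Purpose / Country | User count |
|---|---|---|
| 1 | Commercial / United States | 129,250,910 |
| 2 | Network Infrastructure | 5,756,274 |
| 3 | Great Britain | 2,797,794 |
| 4 | France | 950,129 |
| 5 | Germany | 375,782 |
| 6 | Russia | 188,894 |
| 7 | Australia | 367,773 |
| 8 | Italy | 285,021 |
| 9 | Canada | 162,234 |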
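
Both tables above, the per-domain frequencies and the grouping by domain suffix, can be produced with a tally like the one below. It is an added example, not the author's tooling: the sample addresses are constructed, and the function names, the suffix-to-label map and the `.con` to `.com` mapping are assumptions. It goes one step beyond the tables by folding case, so that `Gmail.com` and `gmail.com` count as one domain, and by counting malformed rows instead of dropping them silently.

```python
from collections import Counter

# Constructed sample addresses (not taken from the breach data).
SAMPLE = [
    "alice@gmail.com", "bob@Gmail.com", "carol@GMAIL.COM ",
    "dave@gmail.con", "erin@yahoo.con", "frank@hotmail.co.uk",
    "gina@yahoo.co.uk", "heidi@web.de", "ivan@mail.ru",
    "judy@comcast.net", "mallory@orange.fr", "not-an-email", "x@@bad",
]

# Last label of the domain -> grouping used in the page's second table.
SUFFIX_LABELS = {
    "com": "Commercial / United States", "net": "Network Infrastructure",
    "uk": "Great Britain", "fr": "France", "de": "Germany", "ru": "Russia",
    "au": "Australia", "it": "Italy", "ca": "Canada",
}
# Assumed mapping for the mistyped suffix seen in gmail.con and yahoo.con.
TYPO_SUFFIXES = {"con": "com"}


def domain_of(address):
    """Return the lower-cased domain, or None for a malformed address."""
    local, sep, domain = address.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or "@" in local or "." not in domain:
        return None
    return domain


def tally(addresses):
    """Count domains case-insensitively and group them by suffix label."""
    domains, groups, typos, rejected = Counter(), Counter(), Counter(), 0
    for address in addresses:
        domain = domain_of(address)
        if domain is None:
            rejected += 1  # keep a count so dropped rows stay visible
            continue
        domains[domain] += 1
        suffix = domain.rsplit(".", 1)[1]
        if suffix in TYPO_SUFFIXES:
            typos[domain] += 1  # listed separately, grouped under the intended suffix
            suffix = TYPO_SUFFIXES[suffix]
        groups[SUFFIX_LABELS.get(suffix, "Other")] += 1
    return domains, groups, typos, rejected


if __name__ == "__main__":
    for name, result in zip(("domains", "groups", "typos", "rejected"), tally(SAMPLE)):
        print(name, result)
```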

We can clearly see that the majority of Zynga’s user base is based in Western Europe. Judging from the country list, Zynga had at least 133,821,870 users based in Western Europe – this would account for about 64.88% of users when compared against the records with duplicates and about 88.99% of users when compared against the records without duplicates. Eastern Europe’s numbers are much smaller – in this case we can run the analysis only on Russia, which would account for a mere 0.09% of the entire user base when compared with the records including duplicates and 0.13% when compared with the records without duplicates. Keep in mind that this number could be significantly higher if we ran the analysis on all email domains.

Counting the database with duplicates included, Zynga had 115,318,761 users with an email address of 20 characters or fewer and 98,540,978 users with an email address longer than 20 characters.

Zynga also stored passwords hashed and salted with the SHA1DASH algorithm, which, due to the design of the hash, is very difficult to crack.

Registration and last visit dates

Zynga also stored two types of dates – we can assume that they represent registration and last visit dates, because all of the dates in the second field are at least a few days older than those in the first field.

Some of the registration dates can be seen below:

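| # | Registration year | User count |
|---|---|---|
| 1 | 2008 | 8,899 |
| 2 | 2009 | 308,323 |
| 3 | 2010 | 8,049,512 |
| 4 | 2011 | 52,509,859 |
| 5 | 2012 | 45,864,542 |
| 6 | 2013 | 33,692,947 |
| 7 | 2014 | 19,797,958 |
| 8 | 2015 | 11,798,930 |
| 9 | 2016 | 11,919,813 |
| 10 | 2017 | 13,229,242 |
| 11 | 2018 | 9,906,177 |
| 12 | 2019 | 6,738,581 |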

We can clearly see that Zynga’s user base started exploding in 2010 – 2011, presumably because Zynga launched two notable games – FarmVille in 2009 and CityVille in December 2010. That would also explain how they acquired so many users in 2011.

We can also look at the months of registration:

| # | Year and month of registration | User count |
|---|---|---|
| 1 | January 2011 | 1,527,898 |
| 2 | February 2011 | 3,187,321 |
| 3 | March 2011 | 4,811,707 |
| 4 | April 2011 | 4,104,531 |
| 5 | May 2011 | 3,840,462 |
| 6 | June 2011 | 4,251,794 |
| 7 | July 2011 | 3,595,167 |
| 8 | August 2011 | 4,967,098 |
| 9 | September 2011 | 4,969,558 |
| 10 | October 2011 | 4,951,815 |
| 11 | November 2011 | 4,845,633 |
| 12 | December 2011 | 7,456,875 |
| 13 | January 2012 | 8,609,520 |
| 14 | February 2012 | 6,166,747 |
| 15 | March 2012 | 5,616,319 |
| 16 | April 2012 | 4,593,770 |
| 17 | May 2012 | 3,425,387 |
| 18 | June 2012 | 2,914,675 |
| 19 | May 2012 | 2,739,815 |
| 20 | August 2012 | 2,180,118 |
| 21 | September 2012 | 1,960,474 |
| 22 | October 2012 | 1,924,118 |
| 23 | November 2012 | 2,350,473 |
| 24 | December 2012 | 3,383,126 |
| 25 | January 2013 | 3,050,625 |
| 26 | February 2013 | 2,014,609 |
| 27 | March 2013 | 2,964,007 |
| 28 | April 2013 | 2,538,785 |
| 29 | May 2013 | 5,155,247 |
| 30 | June 2013 | 5,620,240 |
| 31 | July 2013 | 3,644,162 |
| 32 | August 2013 | 2,016,390 |
| 33 | September 2013 | 1,595,458 |
| 34 | October 2013 | 1,674,013 |
| 35 | November 2013 | 1,491,949 |
| 36 | December 2013 | 1,927,462 |
| 37 | January 2014 | 2,266,956 |
| 38 | February 2014 | 2,495,039 |
| 39 | March 2014 | 1,526,042 |
| 40 | April 2014 | 1,367,953 |
| 41 | May 2014 | 1,393,584 |
| 42 | October 2014 | 1,736,345 |
| 43 | November 2014 | 2,645,285 |
| 44 | December 2014 | 1,961,001 |
| 45 | January 2015 | 1,649,743 |
| 46 | January 2016 | 1,690,730 |
| 47 | May 2017 | 1,755,937 |
| 48 | November 2017 | 1,841,061 |
| 49 | December 2017 | 1,332,390 |
| 50 | January 2018 | 1,319,939 |

Now we can take a glance at the last visit dates. First, let’s break them down by year:

| # | Year | User count |
|---|---|---|
| 1 | 2013 | 58,687,929 |
| 2 | 2014 | 68,633,963 |
| 3 | 2015 | 14,879,156 |
| 4 | 2016 | 11,867,841 |
| 5 | 2017 | 22,641,704 |
| 6 | 2018 | 16,827,914 |
| 7 | 2019 | 20,286,276 |

We can clearly see that the vast majority of users’ last visit dates were in 2014 – Zynga’s first quarter results for 2014 showed that daily active user numbers fell from 53 million to 28 million year-over-year, so we can make an assumption that this was a pretty devastating year for Zynga.

Now we can also take a look at the last visit dates including months:

| # | Year and month | User count |
|---|---|---|
| 1 | December 2013 | 58,631,283 |
| 2 | January 2014 | 1,233,821 |
| 3 | February 2014 | 1,910,625 |
| 4 | March 2014 | 12,286,336 |
| 5 | May 2014 | 1,286,521 |
| 6 | June 2014 | 31,170,789 |
| 7 | July 2014 | 1,102,223 |
| 8 | August 2014 | 6,064,564 |
| 9 | September 2014 | 2,637,421 |
| 10 | October 2014 | 2,982,078 |
| 11 | November 2014 | 4,074,683 |
| 12 | December 2014 | 2,882,402 |
| 13 | January 2015 | 2,343,310 |
| 14 | February 2015 | 1,519,108 |
| 15 | March 2015 | 1,158,878 |
| 16 | October 2015 | 1,246,491 |
| 17 | November 2015 | 1,212,826 |
| 18 | December 2015 | 1,508,320 |
| 19 | January 2016 | 1,955,831 |
| 20 | February 2016 | 1,447,082 |
| 21 | March 2016 | 1,148,311 |
| 22 | April 2016 | 1,146,150 |
| 23 | May 2016 | 1,227,472 |
| 24 | February 2017 | 2,808,792 |
| 25 | March 2017 | 2,224,243 |
| 26 | April 2017 | 1,705,594 |
| 27 | May 2017 | 2,191,226 |
| 28 | June 2017 | 3,090,247 |
| 29 | July 2017 | 1,960,363 |
| 30 | August 2017 | 1,284,560 |
| 31 | October 2017 | 1,740,587 |
| 32 | November 2017 | 2,426,871 |
| 33 | December 2017 | 1,729,112 |
| 34 | June 2018 | 1,743,764 |
| 35 | February 2018 | 1,183,800 |
| 36 | March 2018 | 1,132,668 |
| 37 | May 2018 | 1,394,505 |
| 38 | June 2018 | 1,634,963 |
| 39 | July 2018 | 1,455,900 |
| 40 | August 2018 | 1,379,390 |
| 41 | September 2018 | 1,409,367 |
| 42 | October 2018 | 1,608,628 |
| 43 | November 2018 | 1,441,809 |
| 44 | December 2018 | 1,489,667 |
| 45 | January 2019 | 1,678,076 |
| 46 | February 2019 | 1,479,820 |
| 47 | March 2019 | 1,850,556 |
| 48 | April 2019 | 1,720,382 |
| 49 | July 2019 | 3,792,126 |
| 50 | August 2019 | 6,817,538 |

Phone numbers

Alongside email addresses, registration and last visit dates, Zynga also stored phone numbers, allowing us to glance at the country calling codes to make further assumptions about where Zynga users were based:

| # | Country calling code | User count | Country |
|---|---|---|---|
| 1 | 3 | 164,903,318 | Unknown |
| 2 | 33 | 101,870,140 | France |
| 3 | 333 | 35,302,909 | France |
| 4 | 334 | 54,502,673 | United States (Alabama) |
| 5 | 335 | 1,937,399 | United States (Alabama) |
| 6 | 336 | 3,791,932 | United States (North Carolina) |
| 7 | 337 | 2,815,516 | United States (Louisiana) |
| 8 | 338 | 1,980,136 | United States (Kansas) |
| 9 | 339 | 1,539,575 | United States (Massachusetts) |
| 10 | 34 | 9,679,368 | Spain |
| 11 | 340 | 1,096,303 | United States (Virgin Islands) |
| 12 | 343 | 1,644,088 | Canada |
| 13 | 344 | 1,545,168 | United States (Maryland) |
| 14 | 35 | 1,232,958 | Unknown |
| 15 | 36 | 26,450,768 | Hungary |
| 16 | 360 | 1,225,829 | United States (Washington) |
| 17 | 361 | 1,286,462 | United States (Texas) |
| 18 | 362 | 1,916,541 | United States (Kansas) |
| 19 | 363 | 4,450,702 | United States (Missouri) |
| 20 | 364 | 5,034,853 | United States (Kentucky) |
| 21 | 365 | 3,738,655 | Canada |
| 22 | 366 | 2,105,035 | United States (North Carolina) |
| 23 | 367 | 1,726,155 | Canada |
| 24 | 368 | 1,838,625 | United States (Louisiana) |
| 25 | 369 | 3,127,911 | United States (California) |
| 26 | 37 | 12,907,096 | Discontinued, once was assigned to East Germany |
| 27 | 370 | 2,669,477 | Lithuania |
| 28 | 371 | 2,535,843 | Latvia |
| 29 | 372 | 1,402,870 | Estonia |
| 30 | 373 | 1,186,081 | Moldova |
| 31 | 38 | 10,729,895 | Ukraine |
| 32 | 382 | 1,441,145 | Montenegro |
| 33 | 383 | 2,060,581 | Kosovo |
| 34 | 384 | 1,806,749 | United States (Kansas) |
| 35 | 39 | 2,033,093 | Italy |
| 36 | 7 | 48,921,308 | Russia |
| 37 | 70 | 3,084,166 | United Kingdom |
| 38 | 71 | 8,316,024 | Botswana |
| 39 | 716 | 1,030,008 | United States (New York) |
| 40 | 717 | 1,255,644 | United States (Pennsylvania) |
| 41 | 718 | 1,358,479 | United States (New York, excluding Manhattan) |
| 42 | 719 | 1,313,189 | United States (Colorado) |
| 43 | 72 | 14,019,502 | Serbia |
| 44 | 720 | 1,459,595 | United States (Colorado) |
| 45 | 721 | 1,323,153 | United States (Saint Martin) |
| 46 | 724 | 1,356,205 | United States (Pennsylvania) |
| 47 | 725 | 1,357,354 | United States (Nevada) |
| 48 | 726 | 1,191,305 | United States (Texas) |
| 49 | 727 | 1,611,795 | United States (Florida) |
| 50 | 728 | 2,053,585 | United States (Virginia) |
| 51 | 729 | 1,777,324 | United States (Colorado) |
| 52 | 73 | 10,745,346 | Kazakhstan |
| 53 | 730 | 1,698,551 | United States (Illinois) |
| 54 | 731 | 1,291,637 | United States (Tennessee) |
| 55 | 732 | 1,681,681 | United States (New Jersey) |
| 56 | 733 | 2,054,451 | United States (Illinois) |
| 57 | 734 | 1,495,079 | United States (Michigan) |
| 58 | 74 | 10,492,013 | United Kingdom |
| 59 | 740 | 1,013,513 | United States (Ohio) |
| 60 | 743 | 1,193,652 | United States (North Carolina) |
| 61 | 744 | 1,000,773 | United States (Massachusetts) |
| 62 | 745 | 1,151,327 | United States (Florida) |
| 63 | 746 | 1,422,644 | United States (New York) |
| 64 | 748 | 1,316,537 | United States (New York) |
| 65 | 75 | 1,564,523 | Afghanistan |
| 66 | 76 | 699,734 | Norway |

We can see that the most prevalent area code was “3” – it had over 164 million records, so the best guess here would be that this area code was assigned to another area too. We can also clearly see that there were a lot of numbers that were based in different states across the United States, so let’s dive into them too:

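| # | State | User count |
|---|---|---|
| 1 | Alabama | 56,440,072 |
| 2 | North Carolina | 7,090,619 |
| 3 | Kansas | 5,703,426 |
| 4 | New York | 5,127,668 |
| 5 | Kentucky | 5,034,853 |
| 6 | Louisiana | 4,654,141 |
| 7 | Colorado | 4,550,108 |
| 8 | Missouri | 4,450,702 |
| 9 | Illinois | 3,753,002 |
| 10 | California | 3,127,911 |
| 11 | Florida | 2,763,122 |
| 12 | Pennsylvania | 2,611,849 |
| 13 | Massachusetts | 2,540,348 |
| 14 | Texas | 2,477,767 |
| 15 | Virginia | 2,053,585 |
| 16 | New Jersey | 1,681,681 |
| 17 | Maryland | 1,545,168 |
| 18 | Michigan | 1,495,079 |
| 19 | Nevada | 1,357,354 |
| 20 | Tennessee | 1,291,637 |
| 21 | Washington | 1,225,829 |
| 22 | Virgin Islands | 1,096,303 |
| 23 | Ohio | 1,013,513 |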

Judging from the analysis above, we can tell that over a quarter – 27.36% – of the entire user base were apparently from Alabama if we compare the number against the database with duplicates. If we compare the number against the database without duplicates, we would see that users from Alabama account for an enormous percentage – 37.54% – of the whole user base: that’s more than some of the states combined.

Now we can also take a look at the rest of the area codes – this time, excluding the United States. Do note that the “Unknown” in the column represents an unusually high number of users – it’s probably a mix of several countries.

| # | Country | User count |
|---|---|---|
| 1 | Unknown | 166,136,276 |
| 2 | France | 137,173,049 |
| 3 | Spain | 9,679,368 |
| 4 | Canada | 7,108,898 |
| 5 | Hungary | 26,450,768 |
| 6 | Discontinued, once was assigned to East Germany | 12,907,096 |
| 7 | Lithuania | 2,669,477 |
| 8 | Latvia | 2,535,843 |
| 9 | Estonia | 1,402,870 |
| 10 | Moldova | 1,186,081 |
| 11 | Ukraine | 10,729,895 |
| 12 | Montenegro | 1,441,145 |
| 13 | Kosovo | 2,060,581 |
| 14 | Italy | 2,033,093 |
| 15 | Russia | 48,921,308 |
| 16 | Botswana | 8,316,024 |
| 17 | Serbia | 14,019,502 |
| 18 | Kazakhstan | 10,745,346 |
| 19 | United Kingdom | 13,576,179 |
| 20 | Afghanistan | 1,564,523 |
| 21 | Norway | 699,734 |

We can see that the vast majority of Zynga’s users came either from the United States or the Western part of Europe.

Summary

Judging by the entire analysis above, we can draw an assumption that the combined monthly active users of Zynga (from the beginning until the time of the breach) were nearing the few-billion mark, which is very impressive given that the service had its peak sometime between 2011 and 2013.

Although this data breach, with duplicates included, impacted over 200 million users, Zynga’s team had done a very good job protecting the data by hashing the passwords with SHA1 and salts. As already mentioned above, due to its design, this hash is resilient to cracking, so further damage was avoided.

Published by
Nirium