As cybercriminals find new ways to infiltrate an organization’s private data stores, we are seeing an increasing number of breaches being reported in the news. When a breach has the potential to affect organizations, it must be ensured that the facts are communicated to the teams through the release of an emailed Security Brief. If the breach is critical, organizations must opt to send a Security Alert that will come in the form of an email as well as an SMS.
Two recent breaches have been announced by Zynga Inc. and DoorDash.
On September 12, 2019, Zynga Inc., an online interactive gaming company, announced they’d recently discovered that certain player account information may have been illegally accessed by outside hackers. Although Zynga has not yet addressed the scope, media reports indicate that the hacker claims to have breached the data of more than 200 million players of Zynga games, including Draw Something and Words with Friends accounts on both Android and iOS platforms.
Players who installed and signed up to play Words with Friends before September 3, 2019 may be affected. It has been reported that Words with Friends player data that has potentially been compromised includes:
Zynga has opened an investigation into the breach and has contacted law enforcement. A press release was sent out that states some of the details as well as the steps the company is taking to protect these users’ accounts from invalid logins.
On September 26, 2019, DoorDash, the food delivery company, confirmed an unauthorized third-party service gained access to user data on May 4, 2019.
Consumers, delivery drivers, and merchants who joined the DoorDash platform on or before April 5, 2018, are affected in this breach. The type of information potentially compromised could include:
Profile information including:
For some consumers, the last 4 digits of consumer payment cards (the company stated this information was insufficient to make fraudulent charges). For some delivery drivers and merchants, the last 4 digits of bank account numbers (similarly, the company stated this information was insufficient to make fraudulent withdrawals). Approximately 100,000 delivery drivers also had their driver’s license numbers accessed.
In a statement on the DoorDash website, the company said it has taken appropriate measures to block the unauthorized third-party and further secure consumer’s data. It will notify those who have been affected directly