Gaming giant Zynga is facing a class-action lawsuit filed by two individuals over a massive data breach last September that impacted 218 million users of the Words with Friends mobile app. The complaint was filed in the U.S. District Court for California and seeks class status and at least $5 million in damages.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The California Consumer Privacy Act (CCPA) that went into effect on January 1, 2020 is raising the stakes for businesses everywhere. While we are yet to see major fines imposed under this law, businesses remain exposed to lawsuits such as the one just filed against Zynga. The lawsuit alleges that Zynga failed to properly disclose the data breach to the over 200 million affected individuals, as required by California law.
Stolen personal information is sold on the dark web and used by other cybercriminals to launch automated account takeover (ATO) attacks on other websites, where the same user might have had a registered account. The compromised accounts can then be used to commit fraud, which not only hurts the affected user but also the business whose website was targeted.
For businesses with an online presence, even if they are not part of a data breach, it is important to have bot mitigation capabilities to address ATO attacks. For consumers, it is best to use different passwords on different sites and lockdown their credit records as much as possible.