Why did I get an email about Zynga?
The Queen’s IT Services Security team recently became aware of a data breach at Zynga (a game developer – creator of Words and Friends). This event may have potentially affected multiple accounts here at Queen’s. As a precaution, the Queen’s IT Services will expire the passwords of any Queen’s account found to be listed on the breached Zynga accounts list and who have not changed their passwords since September 1, 2019.

If you received an email message, and have not changed your password since September 1, 2019, you will be asked to reset your password before IT Services expires the account password.

What should I do to protect myself?
You should immediately reset your password by visiting the website at https://netid.queensu.ca/selfservice/login/auth

We also encourage you to take the following actions to better protect yourself and your information:
1.Do not reuse passwords across your accounts.
2.If you have used your Queen’s password on multiple sites we strongly encourage you to change that password on every other site where it has been used.

What data was compromised?
Any user who created an account on the Zynga website using their Queen’s email address or NetID was potentially included in the breach.  If the user also supplied the same password as that used with their Queen’s account, then the user’s Queen’s account was potentially compromised.

It has been reported that the exposed data could include the user’s name, email address, and password for all accounts created on the Zynga website.

Why is Queen’s expiring passwords for potentially breached accounts?
Queen’s has been monitoring the issue and has observed several compromised accounts beginning September 2019 in which the compromised accounts were part of the Zynga data breach. Queen’s IT Services are taking this action to prevent further account compromises by expiring the passwords of all accounts associated with the same Zynga breach.

What caused the data breach?
We have no direct information from Zynga about the cause of the breach.