Play Zynga Poker? This hacker might have your password


If you're one of the millions of people who play Zynga Poker every day, you better start keeping your cards close to your chest. An investigation led by Internet security firm Eset has exposed a ring of bot computers that phished Facebook passwords from more than 16,000 people.

The hack was orchestrated via a network of 800 bot computers that posted phony messages that linked to what looked like porn sites (or "tabloid topics," as Eset put it—see the picture below) on the walls of Zynga Poker players. Clicking a link on the phony site would redirect players back to what appeared to be Facebook, but was actually a phishing site that mimicked the social network's design. When victims entered their username and login info into the fields, they essentially handed them over to the hacker.

With that info, the hacker could poke around anything on their Facebook account, and could even see how many credit cards the user had on file to buy Zynga poker credit (it doesn't appear they could access the credit card numbers themselves, however). In some cases, the hacker would lure the compromised account holder's friends to the same phony Facebook site and phish their passwords, too. 

In a press release, Eset said the hacker's targets were largely based in Israel. So if you're playing anywhere else in the world, you're probably safe—from this particular hack, at any rate. The obvious way to protect yourself from others like it is to check the URL of any site asking for your login information. If the address bar says "," you're probably good. Anything else and you might want to be a little skeptical.

Eset claimed that it notified Facebook of the attack in February 2012 and that the company took measures to shut it down. It effectively ceased operation around that time. Who was the mastermind behind the botnet? That's still not clear. Eset says it's working with the Israeli Computer Emergency Response Team in an ongoing investigation.

Meanwhile, Zynga is planning to launch a real-money poker game sometime soon, having already applied for a license from the Nevada Gaming Control Board. Hackers should have a lot of fun with that one.

Zynga did respond to a request for a comment.

Photo by Vira G/Flickr
