Popular social game developer Zynga has reportedly become the latest victim of a massive data breach impacting some 218 actor accounts.

On September 12, the aggregation appear that “certain player annual advice may have been illegally accessed by alfresco hackers,” but didn’t acknowledge any capacity about the scope of the breach and the number of players who may have had their advice stolen.

But now, there appears to be more than meets the eye in this case. According to Hacker News, gnosticplayers — the threat actor behind the sale of two colossal data dumps absolute of 747 actor stolen accounts spanning across 24 websites, including Dubsmash, MyFitnessPal, 500px, CoffeeMeetsBagel, Houzz, and Ixigo, on the dark web beforehand this year — has claimed to have compromised Zynga.

Pilfered capacity accommodate players’ names, email addresses, login IDs, hashed passwords, countersign reset tokens (if requested), phone numbers (if provided), Facebook IDs (if affiliated via the social network) and Zynga annual IDs.

Per gnosticplayers, the data breach afflicted all Android and iOS game players who installed and signed up for the  game on and before September 2 this year. The hacker is also said to be in ascendancy of hacked data associated with other Zynga-developed games, such as and the now-defunct game.

It’s not clear if the breach itself was the result of a credential capacity attack, wherein passwords from a breach are used on addition site through all-embracing automatic login requests.

“Whether or not this resulted from credential stuffing, massive data breaches like Zynga’s accordingly lead to an access in credential capacity attacks on other websites, creating a huge spikes in bot cartage on their login screens as hackers cycle through the astronomic list of accreditation stolen from Zynga,” said Tiffany Olson Kleemann, VP of bot administration at California-based cybersecurity vendor Imperva.

“Password dumps create a ripple effect of organizations spending adored time and assets on damage control. While it’s important that alone web users have strong, secure logins, the onus is on the businesses to detect and block awful bot cartage before all-embracing countersign hacks can occur,” she added.

Zynga is one of the most accepted social gaming companies, with a market appraisal of $5.48 billion and a number of hit online games such as , , , , and to its credit.

The company, for its part, said it took antidotal steps to assure afflicted accounts from crooked logins and notify players of the incident. The argumentative analysis is currently in progress.

We’ve also contacted Zynga to learn more, and we’ll update the story if we hear back.

Reused passwords are still one of the top ways cybercriminals takeover online accounts. Even if just one of your passwords gets exposed, abyss can try that same countersign across bags of other sites.

Read next: Satoshi Nakaboto: ‘$10M Chinese Bitcoin farm burns, arrangement gets clogged’