[BreachExchange] Zynga sues 2 former employees over alleged massive data heist

Thu Dec 1 19:21:14 EST 2016

http://arstechnica.com/tech-policy/2016/11/zynga-sues-2-
former-employees-over-alleged-massive-data-heist/

On Tuesday, Zynga sued two of its former employees. The company claims they
stole confidential information and took it to their new employer, rival
social gaming startup, Scopely.

Massimo Maietti and Ehud Barlach worked as higher-up employees for the San
Francisco-based Zynga until they left in July and September, respectively.
Scopely, which makes Dice with Buddies,Wheel of Fortune Free Play, and
others, is also named as a co-defendant in the case.

According to Zynga’s 28-page civil complaint, Maietti was the creative
director on “one of Zynga’s most ambitious soon-to-be released games, which
goes by the code name ‘Project Mars.’” Barlach, for his part, was the
general manager of Hit It Rich! Slots.

Neither Scopely, Maietti, nor Barlach immediately responded to Ars’ request
for comment.

Both men are accused of taking a vast quantity of private data with them
and successfully recruited former colleagues to join them at Scopely, which
Zynga claimed was a violation of their employment contracts. (Scopely has
several Zynga alumni, including Roy Rosenthal, the company’s general
counsel. Rosenthal also did not respond to Ars.)

In recent months, as Zynga became increasingly aware that “key talent” was
leaving the company, it commissioned a “forensic examination” of former
employee’s computers, going back to Maietti.

As Zynga alleges:

"On July 4, 2016—during the Independence Day holiday and just one day
before he gave notice of his resignation of employment from Zynga–Maietti’s
Internet history shows that Maietti used the Google Chrome browser on his
Zynga-issued laptop to access a Zynga-owned Google Drive account. His
browser history shows that he proceeded to download 10 Google Drive folders
that he had permission to access, but only as necessary to perform his
duties for Zynga. The Google Chrome browser “zipped” those ten files and
downloaded them to his File Downloads folder. Once downloaded, forensic
analysis shows that Maietti copied nine of those folders to a connected
external USB device. The external USB device was disconnected from the
computer, and Maietti then placed the .zip files in the Trash, while they
remained on the USB device. On July 7, 2016, over 20,000 files and folders
were located within the Trash but were subsequently deleted in a failed
attempt by Maietti to cover his tracks."

The lawsuit goes on to explain that those zipped files “have identical
names to those in Zynga’s Google Drive account” and consist of “extremely
sensitive, highly confidential Zynga information,” including “wholesale
copying of the Project Mars folder.”

Those documents also allegedly included “hundreds of detailed design
specifications,” “unreleased game design documents,” and “financial-related
information."

For his part, while he was still at Zynga, Barlach is accused of engaging
in similar data copying and even telling a Scopely recruiter whom to target
at Zynga.

In response, Scopely recruiter Christina Dunbar responded to Barlach by
text: “Thanks!! I was saving that for your first day! LOL I would be happy
to hear about anyone you think I should be trying to speak with. Obviously
I know you have that clause about not taking people so I am always careful.
:-)”

Scopely ended up hiring Derek Heck, a product manager at Wizard of Oz Slots
and Willy Wonka Slots. The lawsuit also claims that Heck even “deleted more
than 24,000 files and folders in the last month of his employment with
Zynga, and referenced articles entitled ‘How to erase my hard drive and
start over’ and ‘How to Erase a Computer Hard Drive - How To Articles.’”

Zynga settled a similar case filed against a former employee in 2013, but
the new case against Scopely seems to be far larger in scale.

Steph Hess, vice president of communications for Zynga, declined to respond
to Ars’ questions on the record and simply referred us to the lawsuit
itself.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161201/778793a8/attachment.html>