“In a statement, Zynga provided little detail on what data had been stolen but said that no financial information was compromised. The gaming giant says that it has taken steps to protect accounts, and that many users will be prompted by email notification to reset their passwords.

You should change your password even if it’s not clear that your account has been affected, security experts say.

“You want to create a strong password that’s unique, and not shared with any other online accounts, especially important accounts like social media logins or bank accounts,” says Justin Brookman, director of privacy and technology policy at Consumer Reports. “And stitching a bunch of random words together is more effective than [using common tactics such as] changing an ‘i’ to a ‘1’ or exclamation point.”

If you used your Words With Friends password for any other online account, it’s prudent to change the password there, as well.

Though the hacker reportedly gained access to millions of Facebook IDs, Zynga says that Facebook passwords were not stolen. “Zynga does not collect your passwords for Facebook, Android, or iOS, and we have no indication that this information was involved in the event,” the company wrote. 

A close reading of Zynga’s privacy policy suggests that the company collects far more information than your favorite high-value, five-letter words. The company encourages users to share their phone contacts, and it may collect location data through users’ smartphones.

If you access the service through Facebook, Zynga may also collect information about your Facebook friends, the email address you use with Facebook, your birthday, and more. That information is retained for as long as the player’s account is open, and in some cases even longer. “

Continue reading: Data Stolen From 218 Million Words with Friends Users (Consumer Reports)