Live streaming website Twitch has suffered a huge data breach that has seen the source code for its mobile and desktop apps leaked online, as well as information on how much content creators got paid.
Twitch is a live streaming platform popular with video gamers and other types of content creators. The platform allows streamers to create and maintain subscribers who can pay to access the streamer’s live content or donate to streamers during a broadcast.
Twitch has confirmed that cyber criminals were able to access sensitive data after “due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.”
The data – labelled “Part 1” suggesting more may soon be leaked – was released on the troll and prank website 4Chan.org. The leak has been confirmed to be valid and contains data as recent as last week.
Sponsored Content. Continued below...
What does this mean for Twitch users?
While passwords and usernames have not been included in the initial data leak, given the scope of the breach, it is important for anyone with a Twitch account to assume that their username and passwords have been compromised.
This means, of course, changing your Twitch password.
It also means ensuring you don’t use the same combination of username and password anywhere else on the Internet. Once such data has been leaked online, criminals will often try their luck stuffing the login information into other websites to check if people are [unwisely] reusing passwords across different accounts. It’s called credential stuffing.
Twitch also supports two-factor authentication, which we also recommend enabling to ensure your accounts stay out of the hands of hackers, even if your password is leaked online.