Twitch were hit by a rather big source code and data breach earlier this month, which they say they’ve since been investigating. They’ve updated users again today, reiterating that the breach was made possible by a server configuration change and that they’re confident no passwords, login credentials, or credit card numbers were exposed.
This is, effectively, the same thing Twitch said immediately following the original source code hack and leak of streamer earnings numbers. Presumably now they’ve had time to look into the situation and be more certain that other user informatoin wasn’t also accessed.
Here’s the rest of what they had to say as of October 15th:
“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information.
“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.”
You can catch the rest of their previous updates on the situation on their Twitch security incident page.
Following the hack last week, Twitch went ahead and reset the stream keys for all users, meaning to actually stream to your profile you’d need to log in and snag that new code, just in case. As ever, probably good to have two-factor authentication set up for your account.