Twitch says passwords were not exposed in last week’s massive security breach

Only a “small fraction” of users were impacted.

Twitch says user passwords and financial information were not exposed in the massive data breach that occurred last week, and that it is “confident” that systems that store encrypted login credentials were not accessed.

“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data,” Twitch said. “We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.”

It also confirmed that the incident was the result of a server configuration error “that allowed improper access by an unauthorized third party.” The issue has since been fixed.

The wording of the statement, specifically the reference to the examination of “information included in the files exposed,” could be intended to give Twitch some wiggle room down the road should more damaging information come to light: The hacker behind last week’s leak referred to it as “part one,” implying that there’s more to come in the future, the specific nature of which Twitch may not yet be aware of.

Still, it’s about as good an outcome as Twitch could hope for given the extent of the breach, which totaled 125GB of data that included streamer payout information, the source code for the entire Twitch site, and news of an unreleased Steam competitor codenamed Vapor. Security experts were appalled by the scale of the hack: One said the breach was “as bad as it could possibly be.”

Despite the relatively good news, reaction to Twitch’s statement on Twitter was not uniformly positive. One user claimed there was a “myriad” of two-factor authentication requests the day after the hack, suggesting that some passwords were leaked; another pointed out that 10,000 streamers had their payout information leaked, and while that might indeed be a “small fraction” of Twitch’s total user base, it’s still a hell of a lot of people. And there’s still some concern about the potential for fraud arising from the data that did get out.

I think what should be addressed, is the statement of ‘…were not accessed, nor were 𝗳𝘂𝗹𝗹 𝗰𝗿𝗲𝗱𝗶𝘁 𝗰𝗮𝗿𝗱 𝗻𝘂𝗺𝗯𝗲𝗿𝘀’ My name, linked to let's say the last four numbers of my credit card; can cause many significant fraud issues. October 15, 2021

Twitch concluded by saying that it has “taken steps to further secure” the platform, although it didn’t get into any specifics on that front, and apologized to its users for the breach.

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.
