Twitch says passwords were not exposed in last week’s massive security breach


Twitch claims that user passwords and financial information were not exposed in the massive data breach that occurred last week, and that it is “confident” that the systems that store the credentials encrypted connections have not been accessed.

“The data exposed mainly contained documents from Twitch’s source code repository, as well as a subset of creator payment data,” Twitch said. “We have undergone a thorough review of the information included in the exposed files and are confident that this has affected only a small fraction of users and the impact on customers is minimal. We are reaching out to those who have been directly affected. “

He also confirmed that the incident was the result of a server configuration error “which allowed inappropriate access by an unauthorized third party.” The problem has since been resolved.

The wording of the statement, in particular the reference to reviewing “information included in exposed files”, could be intended to give Twitch some leeway if more damaging information comes to light: the hacker at the Origin of last week’s leak referred to this as “Part One”, implying that there is more to come in the future, which Twitch may not yet be aware of. the specific nature.

Still, that’s about as good a result as Twitch could hope for given the extent of the breach, which totaled 125GB of data that included the streamer’s payment information, the source code for the entire site. Twitch and news from an unreleased Steam competitor named Vapor. Security experts were appalled at the scale of the hack: one said the breach was “as serious as it could be”.

Despite the relatively good news, the reaction to Twitch’s statement on Twitter was not uniformly positive. One user claimed that there was a “myriad” of two-factor authentication requests the day after the hack, suggesting that some passwords were leaked; another pointed out that 10,000 streamers saw their payment details leaked, and while that may indeed be a “small fraction” of Twitch’s total user base, it’s still quite crowded. And there is still some concern about the potential for fraud arising from the data that has been leaked.

See more

Twitch concluded by saying that it had “taken steps to further secure” the platform, although it did not give details about it, and apologized to its users for the breach.


Leave A Reply