Twitch, the popular video game streaming service acquired by Amazon last year for $970 million, has notified customers that their account information might have been accessed by an unauthorized third party.
The company hasn’t provided too many details on the incident. In a blog post published on Monday, Twitch informed users that their passwords have been reset and that they will have to set new ones the next time they log in to their accounts.
In an email sent out to affected customers, Twitch revealed that usernames, email addresses, “cryptographically protected” passwords, the IP address from which they logged in most recently, limited credit card information (card type, expiration date, and partial card number) have been exposed in the breach.
The attacker might have also gained access to names, phone numbers, dates of birth, and addresses, but only in the case of users who provided this information. The company says it does not store full credit or debit card data so payment information couldn’t have been accessed.
The notification emails received by some users also contain a note suggesting that attackers planted malicious code on Twitch’s website on March 3.
To prevent misuse, Twitch says it has expired passwords and stream keys, and disconnected Twitter and YouTube accounts.
Initially, Twitch wanted users to set new passwords that were complex and at least 20 characters long. However, after numerous users complained on social networks about the overly-restrictive password requirements, the company reduced the minimum length to 8 characters.
This isn’t the first time the credentials of Twitch users are exposed. Back in June 2013, the streaming service informed customers that their passwords and stream keys had been reset as a precaution after the company’s CDN partner mistakenly cached some pages that shouldn’t have been cached.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
Latest News
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
