Twitch, the popular video game streaming service acquired by Amazon last year for $970 million, has notified customers that their account information might have been accessed by an unauthorized third party.
The company hasn’t provided too many details on the incident. In a blog post published on Monday, Twitch informed users that their passwords have been reset and that they will have to set new ones the next time they log in to their accounts.
In an email sent out to affected customers, Twitch revealed that usernames, email addresses, “cryptographically protected” passwords, the IP address from which they logged in most recently, limited credit card information (card type, expiration date, and partial card number) have been exposed in the breach.
The attacker might have also gained access to names, phone numbers, dates of birth, and addresses, but only in the case of users who provided this information. The company says it does not store full credit or debit card data so payment information couldn’t have been accessed.
The notification emails received by some users also contain a note suggesting that attackers planted malicious code on Twitch’s website on March 3.
To prevent misuse, Twitch says it has expired passwords and stream keys, and disconnected Twitter and YouTube accounts.
Initially, Twitch wanted users to set new passwords that were complex and at least 20 characters long. However, after numerous users complained on social networks about the overly-restrictive password requirements, the company reduced the minimum length to 8 characters.
This isn’t the first time the credentials of Twitch users are exposed. Back in June 2013, the streaming service informed customers that their passwords and stream keys had been reset as a precaution after the company’s CDN partner mistakenly cached some pages that shouldn’t have been cached.

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- Cisco to Acquire Splunk for $28 Billion
- Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade
- Omron Patches PLC, Engineering Software Flaws Discovered During ICS Malware Analysis
- Intel Launches New Attestation Service as Part of Trust Authority Portfolio
- Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems
Latest News
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
