Twitch Security Breach: User Login And Payment Info Not Leaked, Twitch Says
Your account credentials and credit card info should be safe.
Twitch announced that the latest data breach did not leak users' login credentials, full credit card numbers, or ACH/bank information--personal information people were worried had been compromised when the security breach was first made public on October 6.
Confirmed leaked information include documents from Twitch’s source code repository, as well as a subset of creator payout data. The number of people impacted is minimal, Twitch claims, and individuals affected directly have been reached out to.
The security breach stemmed from a server configuration change that allowed unauthorized access from third parties--an issue Twitch says they have now fixed. The leaked Twitch information was made publicly available in a 125GB torrent link post to 4chan. In addition to the creator payout data, information about an unannounced competitor project to Steam, nicknamed "Vapor," was also included.
We have an update for the community regarding last week’s security incident. Please visit the Twitch blog for more information https://t.co/DatpHD4Bja— Twitch (@Twitch) October 15, 2021
Even though Twitch claims no login credentials were compromised--and if you haven't done so already--it'd still be a wise decision to change your password to protect your account. Better safe than sorry!
In other Twitch news, the platform recently implemented more tools to help users combat "hate raids" after much push from the Twitch community. Twitch creators can now implement phone-verified and email-verified chat settings, which ask chat users to verify their phone number or email once. Twitch streamers can also adjust which pool for chat participants this verification applies to and can exempt VIPs, subscribers, and moderators.