Updated with info that Twitch is sending to people it suspects were specifically affected by this hack.

Twitch was potentially hacked.

The video-streaming site has notified its account holders that they should change theirs passwords. Twitch has updated its blog sharing information about the incident, and it is also sending out an email that contains the same warning. The company is warning that the hackers may have had access to personal account information. Twitch is a hugely popular website where people can broadcast live video of themselves playing games. More than a million people do exactly that, and more than 65 million load up the site each month to view content.

Here is Twitch’s official statement on the matter:

We are writing to let you know that there may have been unauthorized access to some Twitch user account information.

For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.

We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details.

The company has since sent out an email only to people it thinks were affected by the attack. We got our hands on that text (thanks to Twitter users Chris Seymour and Oirya). Check out the relevant info (emphasis added):

We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.

PLEASE NOTE: Twitch does not store or process full credit or debit card information, so your card number is safe.

While we store passwords in a cryptographically protected form, we believe it’s possible that your password could have been captured in clear text by malicious code when you logged into our site on March 3rd.

We’ve asked for more information, but the company has declined to comment on what personal information is at risk. It also did not say whether credit-card information — used for subscribing to various channels or Twitch turbo — was accessed.

Last week, Twitch went down for several hours, but the company has told us that particular outage was not the result of the attack it is talking about today. A spokesperson specifically referred to it as an “internal tech issue” before the company shared news of the apparently separate security incident.

Twitch’s popularity as a video site led to Amazon spending $970 million last year to purchase the company.


You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here