Twitch forces users to reset password in wake of breach
Twitch, the popular Amazon-owned game streaming service, has apparently suffered a breach that might have resulted in the compromise of users’ personal information and password.
Initial indications that something was wrong came from users. A few days later, the company has confirmed that there “may have been unauthorized access to some Twitch user account information.”
According to reported warning emails sent to potentially affected customers, users’ Twitch username and associated email address, password, the last IP address they logged in from, and first and last name, phone number, address, and date of birth, may have been compromised.
“While we store passwords in a cryptographically protected form, we believe it’s possible that your password could have been captured in clear text by malicious code when you logged into our site on March 3rd,” they added.
Also, according to some of the users who received a variant of the email, their credit card type, truncated card number and expiration date has also been potentially compromised.
“For your protection, we have expired your password and stream keys. In addition, if you had connected your account to Twitter or YouTube, we have terminated this connection,” the company noted.
“You will be prompted to create a new password the next time you attempt to log into your Twitch account. If applicable, you will also need to re-connect your account to Twitter and YouTube, and re-authenticate through Facebook, once you change your password. We also recommend that you change your password at any other website where you use the same or a similar password.”