Twitch says “no indication” that personal details were part of leaks

Twitch also confirms how the leaked data was obtained

October 7, 2021 (10:10) Twitch has provided an update, saying it has reset all users’ stream keys as a precautionary measure.

Following yesterday’s staggering news that a hacker has obtained 125GB worth of information from Twitch, including the site’s source code and earnings data for some of its biggest streamers, the platform has released a short blog post reassuring users their personal information is safe.

While many in the streaming community were encouraging users to change their passwords and set up two-factor authentication following the massive leak, Twitch says there is “no indication that login credentials have been exposed.” It also says that as it does not store full credit card details, users’ payment information was also not compromised as part of the leak. This should come as a relief to those who feared that their accounts could be in jeopardy.

Despite being confident that accounts are not at risk, Twitch is erring on the side of caution and has reset stream keys for all accounts. In a blog post, Twitch also issues advice for streamers on how and when to update their streaming software with their newly assigned stream key.

After acknowledging the data breach in a tweet yesterday, Twitch has also now given a slightly more detailed explanation as to how the information was leaked.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” the platform says. “Our teams are working with urgency to investigate the incident.

“As the investigation is ongoing, we are still in the process of understanding the impact in detail.”

While the news that personal information is likely not at risk will be reassuring, this certainly isn’t the end of this story, with the hacker responsible claiming to have more information that they will release at a later date.