Twitch has posted a new statement concerning last week’s major site hack, which saw the entirety of the streaming service’s website — including its infrastructure, dev tools, and pay records — laid bare as a public torrent file. Having conducted an investigation, Twitch is saying that user passwords and payment info should not be considered at risk.
“Twitch passwords have not been exposed,” reads the statement. “We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information.”
“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal.”
The hack, believed to have taken place on Monday, October 11, came about after an infiltrator made their way inside Twitch’s walls during a server switchover. Among the data dump that subsequently appeared online was Partner pay records, Twitch.tv’s desktop and mobile builds, associated Twitch properties, and even unreleased projects — such as a “Steam-style” dashboard created by Amazon Game Studios. Twitch has since suggested that the hack was perpetrated by a “malicious third party,” though no further details to the hacker’s identity have been released.
Regardless of the above statement, it is probably wise for users to change their passwords and switch out their stream keys regardless — better to be safe than sorry, etc. The hack ‘n’ dump of Twitch is, frankly, one of the biggest video game stories of 2021. It’s momentous. Yet I can’t help but feel it’s already becoming yesterday’s news, destined — like so many headlines — to be forgotten by next month, despite being one of the biggest security breaches in internet history.