Last Updated on October 14, 2021 by Calvin C.
On the 6th of October 2021, Twitch confirmed on Twitter that the company had been hit by a cyberattack, without shedding more light on the extent of the damage done.
“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us,” the Twitter statement read.
However, further reports about the Twitch data breach showed that the attacker accessed the servers and leaked 125 GB of data.
This data was posted by an anonymos hacker as a torrent on the 4chan message board, with confirmation that this was a legitimate leak.
Video Games Chronicles verified the availability of the files for download by the public, highlighting that the purpose of the leak was to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.
So what caused the data breach?
Twitch, in a blog post, said this was caused by an “error in a Twitch server configuration” and this gave the attacker access to all their data.
The company went on to say no login credentials were exposed in the attack. A statement in the blog post read as follows:
“At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.
Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”
What is Twitch?
This is a company founded in 2011 and provides a platform for live video streaming, including gaming, entertainment, sports, music and more.
As of September 2021, the number of active users was 140 million with the majority of them being gamers or gaming audiences.
In 2014, Amazon acquired Twitch for $970 million and back then the platform had 55 million monthly users.
You can download the Twitch app here and start streaming.
What was leaked?
A reports by Video Games Chronicles indicated that the data that was leaked includes:
- Details on creator’s payouts
- Source code for mobile, desktop, video game console clients
- Code related to proprietary SDKs and internal AWS services
- Unreleased Stream competitor from Amazon Game Studios
- Other data on properties owned by Twitch
- Internal security tools
Even some streamers confirmed to BBC News that the payouts in the leaks were accurate.
Twitch came under fire in the past for taking no action against acts of hate and harrassment on other streamers.
The company later bowed down to pressure and filed a lawsuit against 2 streamers who were implicated in carrying out “hate raids”.
In a “hate raid”, a malicious Twitch user creates fake bot accounts and uses them to harrass a creator.
How to strengthen your Twitch account
The data breach is a wake-up call to make sure your Twitch account is strong because attackers are always on the lookout for vulnerable systems to access.
To achieve that, you take the following actions:
- Change your password
- Enable 2-factor authentication
1. Change your password
Make sure when you change your password to one that is complex.
To access the option where you change your Twitch password, follow these steps:
Open Twitch in browser or app > Account Settings > Security and Privacy > Password > Change Password
You can make life easier by using a password manager, which creates a highly complex, secure password automatically.
For that I recommend NordPass because it was created a by a leading VPN company, NordVPN.
It works accross multiple devices and it’s easy to generate a new, unique password anytime you feel the old one is nolonger safe.
Get NordPass today and never worry about hackers cracking your password.
2. Enable 2-factor authentication
Another security measure that I highly recommend is to enable 2-factor authentication.
This adds an extra layer of security because no-one can log into your account without entering a correct code sent to your device.
To enable 2-FA on Twitch, follow these steps:
Open the Twitch app > Go to Security > Go to 2-factor authentication and Enable 2-FA > Enter your phone number and wait for a 7-digit code > Enter the code and you are done!
I have written a full article covering other aspects of good cyber hygiene so that you greatly reduce the risk of getting hacked, when online.
The events that took place on the 6th of October certainly shook Twitch and they will definitely pay more attention on ensuring their platform is secure.
As a Twitch user, you can also minimize your exposure to online attacks by using a VPN to hide your location and traffic.
A VPN that is good for streaming ensures that the connection speed is maintained to prevent any lags which disrupt the streaming or gaming experience.
You can quickly browse through the best VPNs for gaming that we have reviewed on this site.
- Short of time? The overall best VPN for streaming and gaming is NordVPN. You get 69% off a 2-year plan by using the link below:
Is your Twitch account secure? Leave comments below and support us by sharing our content on social media.