On the evening of September 7th, Twitch confirmed a security breach in which hackers gained access to highly sensitive information like email addresses and encrypted passwords. The company is working with law enforcement agencies on this matter.
Yesterday, we reported on claims that a hacker stole 125GB of data from Twitch and released it into the wild, where it was leaked to 4chan as retaliation against the Twitch community in order to “foster more disruption and competition in the online video streaming space” – a bizarre flex that managed to ensnare and release everything from internal Twitch source code to streamer payout reports.
Early this morning, Amazon issued a blog post acknowledging the breach but explaining the nature of the information obtained.
“We’ve discovered that certain data was exposed to the internet as a result of a Twitch server configuration modification mistake, which was then accessed by a hostile third party.” Our investigators are working around the clock to look into the situation. We’re still trying to figure out the full effect of the inquiry since it’s still ongoing. We recognize that this situation has raised some concerns, and we’d want to address a few of them here while our inquiry is underway. We have no evidence that login credentials have been leaked at this time. We are still looking into it. Furthermore, Twitch does not keep complete credit card information, thus full credit card numbers were not revealed.”
While Amazon claims that no login credentials were stolen, it did reset all Twitch stream keys, so if you’re a Twitch broadcaster, you’ll want to take care of that.