Twitch announced in a blog post yesterday that its users' account information may have been compromised. In response to the breach, they have reset all account passwords and stream keys. They've also disconnected Twitter and YouTube connections from accounts.
The compromised information could include usernames, e-mail addresses, passwords, and the last IP address used by each user. Users may optionally supply Twitch with their first and last names, phone numbers, addresses, and dates of birth. That information has been affected as well. Thankfully, Twitch doesn't store credit-card info.
So far, Twitch's response to the breach hasn't looked good, especially when it comes to communicating with its customers. One would assume a company recently purchased by Amazon to the tune of a billion dollars would have an incident response policy with a contingency prepared for the all-too-common occurrence of personally identifiable information being lost. Yet the press has uncovered that different information is being disseminated to different audiences. The e-mails sent out to their customers are not just a rehash of the blog post, and those e-mails aren't identical across Twitch's user base.
While we store passwords in a cryptographically protected form, we believe it’s possible that your password could have been captured in clear text by malicious code when you logged into our site on March 3rd.
That's not just a dump of customer information out of a database. That statement carries the far more serious implication that the attackers gained some measure of control over Twitch's infrastructure. Why did only certain people receive this information? Out of an abundance of caution, all Twitch users should assume the worst-case scenario applies to them.
Of course, Twitch is now forcing its users to change their passwords when they login to the site. I would suggest using a good, strong password that's unique to Twitch if you're one of those affected.
|Aerocool's Project 7 P7-C1 Pro case reviewed||1|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||2|
|Antec P110 Silent touts quiet looks and quiet operation||10|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||10|
|Monkey Day Shortbread||10|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||4|
|Samsung's Notebook 9 portables rock eighth-gen Core i7s||3|
|Rumor: Ryzen 2 set for Q1 2018 and a Fenghuang APU breaks cover||75|
|TR's 2017 Christmas giveaway: eight days left and counting||8|
|My first born son will be named fenghuang. I will raise him in the way of zen. Thus it is written, thus it shall be done.||+22|