Twitch Confirms Source Code Leak; User Passwords Not Compromised

Oct. 16, 2021

Afterconfirming the data breachlast week, Twitch has now given more details on the security incident. In an update to its blog post, the live streaming service says it hasfixed the configuration issue that allowed unauthorized access. Furthermore, Twitch says no passwords were compromised.

Twitch Passwords Not Compromised in Attack

According to Twitch, attackers were not able to leak the passwords of their users. Twitch also highlighted that ituses bcrypt password hashing functionfor hashing passwords. Credit card numbers and other banking information are safe too.

After acknowledging that theexposed data contained Twitch’s source code and a subset of creator payout data, Twitch said the attack affects only a small fraction of users.“We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,”wroteTwitch.

The company also took a moment to apologize to the community for the security flaw.“We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community,”reads the blog post.

With all that said, do keep in mind that all of these are applicable to the data released so far. To recall, theleaked datawas titled ‘part 1’, suggesting there’s more to come. We still don’t know what the second part of the leak consists of and if/ when it would surface online. As part of its mitigation efforts, Twitch has reset stream keys and encourages everyone toturn on two-factor authentication.

Subin writes about consumer tech, software, and security. He secretly misses the headphone jack while pretending he’s better off with the wireless freedom.