News

Twitch user info breached, users prompted to change passwords

Some unsavory types have breached Twitch and may have accessed user account information. Users are being prompted to change their passwords.

Ozzie Mejia

March 23, 2015 1:05 PM

Twitch is alerting users of a possible data breach. As a result, user information may have been accessed and the company is prompting users to change their passwords.

The full statement is on the Twitch blog:

"For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account. We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details."

Ozzie Mejia

Senior Editor

Ozzie has been playing video games since picking up his first NES controller at age 5. He has been into games ever since, only briefly stepping away during his college years. But he was pulled back in after spending years in QA circles for both THQ and Activision, mostly spending time helping to push forward the Guitar Hero series at its peak. Ozzie has become a big fan of platformers, puzzle games, shooters, and RPGs, just to name a few genres, but he’s also a huge sucker for anything with a good, compelling narrative behind it. Because what are video games if you can't enjoy a good story with a fresh Cherry Coke?

Filed Under

Twitch
News

From The Chatty

Refresh Go To Thread

Shacknews

 reply
March 23, 2015 1:05 PM

Ozzie Mejia posted a new article, Twitch user info breached, users prompted to change passwords
- mobab
  
   reply
  March 23, 2015 1:38 PM
  
  The site tells you to pick a stronger password if what you entered is not strong enough. However, the site never defines what a strong password is composed of.
  - [deleted] 1348593195
    
     reply
    March 23, 2015 1:56 PM
    
    [deleted]
  - [deleted] 1124125937
    
     reply
    March 23, 2015 1:59 PM
    
    [deleted]
    - [deleted] 1348593195
      
       reply
      March 23, 2015 2:01 PM
      
      [deleted]
      - walker270
        
         reply
        March 23, 2015 2:14 PM
        
        Stuff that I care about uses two factor or has additional, non-web based protections.
        
        Stuff like twitch? I'm not a streamer nor do I sub to any channels, so literally the only info contained within my twitch account is the channels I follow. If someone wants to hijack that - more power to them. I'll pick something silly and stupid.
        
        [deleted] 1348593195
        
         reply
        March 23, 2015 2:41 PM
        
        [deleted]
        
        walker270
        
         reply
        March 23, 2015 3:08 PM
        
        I can handle my passwords fine.
        
        Generally, a silly password coincides with a silly username, so if I cared about it or got into it more than a new username/account would follow.
  - [deleted] 1211698195
    
     reply
    March 23, 2015 2:04 PM
    
    [deleted]
  - walker270
    
     reply
    March 23, 2015 3:12 PM
    
    Holy shit this is annoying.
  - harold.johnson
    
     reply
    March 23, 2015 11:08 PM
    
    said 'Great!' for me
- Opticom
  
   reply
  March 23, 2015 1:39 PM
  
  Oh, that's why I needed to change my pass. Lame.
- Broken Canoe
  
   reply
  March 23, 2015 1:51 PM
  
  LastPass makes dealing with stuff a two-click affair, sweet.
  - daroach1414
    
     reply
    March 23, 2015 2:01 PM
    
    Not exactly, for this site. Wish twitch had the auto password ability as some of the larger sites.
- xsoulbrothax
  
   reply
  March 23, 2015 1:55 PM
  
  Thanks for the heads up!
- [deleted] 1348593195
  
   reply
  March 23, 2015 1:59 PM
  
  [deleted]
  - [deleted] 1243182645
    
     reply
    March 23, 2015 6:02 PM
    
    [deleted]
    - [deleted] 1348593195
      
       reply
      March 23, 2015 6:20 PM
      
      [deleted]
      - [deleted] 1243182645
        
         reply
        March 23, 2015 8:38 PM
        
        [deleted]
- walker270
  
   reply
  March 23, 2015 1:59 PM
  
  I think my password was asdfasdfasdf2 or some shit like that.
  - [deleted] 465401080
    
     reply
    March 23, 2015 2:05 PM
    
    [deleted]
  - [deleted] 1355701334
    
     reply
    March 23, 2015 6:15 PM
    
    [deleted]
  - Squid Division
    
     reply
    March 23, 2015 10:30 PM
    
    That's amazing, I've got the same password on my luggage
  - harold.johnson
    
     reply
    March 23, 2015 11:09 PM
    
    Y<a19(bCD1O1|yw_1ENY@6c2IoM267Vj%%1Ch,gd1FF636Pz8snG5J547
    - biofrog
      
       reply
      March 24, 2015 12:56 AM
      
      x:~$ pwgen --symbols --numerals --capitalize 58 1
      Y<a19(bCD1O1|yw_1ENY@6c2IoM267Vj%%1Ch,gd1FF636Pz8snG5J547
      
      oh shiit!
- [deleted] 1681767352
  
   reply
  March 23, 2015 2:13 PM
  
  [deleted]
- Sludgehead
  
   reply
  March 23, 2015 2:17 PM
  
  I still just use "password" for everything. No problems yet.
- MercFox1
  
   reply
  March 23, 2015 2:19 PM
  
  Already changed, ezpz
- Chandler55
  
   reply
  March 23, 2015 2:26 PM
  
  everyone blame kill9
- rtricoche
  
   reply
  March 23, 2015 3:22 PM
  
  They can do what they like with my Twitch account. My account is bogus anyway.
- Ambient80
  
   reply
  March 23, 2015 4:07 PM
  
  Christ, do I need nuclear launch codes as my password now? I used one with multiple capitol letters, symbols, and numbers and it still says it's too weak. Wtf?
  - [deleted] 1050027680
    
     reply
    March 23, 2015 4:59 PM
    
    [deleted]
  - spazzium
    
     reply
    March 23, 2015 6:34 PM
    
    You do not in fact need nuclear launch codes.
    
    http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587
    - Sailor of Fortune
      
       reply
      March 23, 2015 11:15 PM
      
      If you can break into layers of concrete and armed guards with Quick Reaction Forces to the point of entering a code, knock yourself out. The beers are in the 3rd closet too.
- Arcath
  
   reply
  March 23, 2015 9:16 PM
  
  Tried to login and now I have been waiting on the reset email for 2-3 hours now.
  - [deleted] 1050027680
    
     reply
    March 23, 2015 9:22 PM
    
    [deleted]
    - Arcath
      
       reply
      March 23, 2015 11:43 PM
      
      Still no email but I'm going to bed. Hopefully tomorrow by the time I wake up maybe. Tried to reset 3 times so far though. I figure it's just a high server load or something though.
- [deleted] 1213392010
  
   reply
  March 23, 2015 10:28 PM
  
  [deleted]
  - Sapiens
    
     reply
    March 23, 2015 10:37 PM
    
    LastPass?
    - [deleted] 1213392010
      
       reply
      March 23, 2015 10:58 PM
      
      [deleted]
      - JohnathanDoe
        
         reply
        March 23, 2015 11:10 PM
        
        There is an offline mode in lastpass https://helpdesk.lastpass.com/your-lastpass-vault/#Offline+Access+to+Your+LastPass+Vault
  - [deleted] 1348593195
    
     reply
    March 23, 2015 11:18 PM
    
    [deleted]
  - Maarc
    
     reply
    March 24, 2015 1:02 AM
    
    Onedrive and a Master password for me.
    
    Syncs fine with windows, Windows phone and ios.
  - MercFox1
    
     reply
    March 24, 2015 7:26 AM
    
    Keyfile, back-up your DB offline, single use password for your PW DB,
- digital_d
  
   reply
  March 23, 2015 11:11 PM
  
  Lucky me, that's one of the few sites where I just let Keepass generate the password for me so it's completely random and secure.
  - [deleted] 1348593195
    
     reply
    March 23, 2015 11:20 PM
    
    [deleted]
- evildanish
  
   reply
  March 24, 2015 1:20 AM
  
  Again? This exact thing happened a couple of years ago.