Twitch user info breached, users prompted to change passwords
Some unsavory types have breached Twitch and may have accessed user account information. Users are being prompted to change their passwords.
Twitch is alerting users of a possible data breach. As a result, user information may have been accessed and the company is prompting users to change their passwords.
The full statement is on the Twitch blog:
"For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account. We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details."
-
Ozzie Mejia posted a new article, Twitch user info breached, users prompted to change passwords
-
Well if you are still choosing passwords (instead of using autogen passwords and KeePass/LastPass) I would strongly suggest you re-evaluate your approach to web security. I just changed one random 20-char password for another, and I don't have to worry about whether I used the password at other sites or something.
-
Stuff that I care about uses two factor or has additional, non-web based protections.
Stuff like Twitch? I'm not a streamer nor do I sub to any channels, so literally the only info contained within my Twitch account is the channels I follow. If someone wants to hijack that - more power to them. I'll pick something silly and stupid.
I'm at the point with KeePass where a random pw and something silly and stupid are equally easy. Also, silly pws have a way of becoming overused over time. Like maybe it's used for a site you don't care about but then 2 years later you care more about the site than you used to. Or maybe you reuse your silly pw and then the total sum of all accounts using that pw is something you might care more about protecting than the individuals.
-
You also will have a new streaming key according to the info here: http://thenextweb.com/insider/2015/03/23/twitch-accounts-were-compromised-passwords-being-reset/
GG Twitch. At least we heard about the compromise and action was taken quickly.
-
You do not in fact need nuclear launch codes.
http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si-1473483587
-
There is an offline mode in LastPass: https://helpdesk.lastpass.com/your-lastpass-vault/#Offline+Access+to+Your+LastPass+Vault
-
I use a nice high-entropy password that's not super long that I have memorized to protect the DB, and it's also kept as a private file on my Dropbox which has a cryptographically strong password (stored in the DB of course!). So there are local and cloud copies of the DB but all pretty well protected and given the brute-force resistance of KeePass I'm not too worried about it even if a computer or phone were stolen. If I get a new device, let's say a new computer or something, I download Dropbox, use my phone to open KeePass there and show my password, then I type the Dropbox password in and my DB gets synced. Then I download KeePass and I'm good to go on the new device. Open KeePass with memorized pw, select site, Ctrl-C, Ctrl-V is really fast and second nature at this point. I could set up auto-type but I rarely use it because it's not honestly a chore to handle this way.
-
Yeah, it's really nice knowing that you never knew your pw in the first place so there's no mental space impacted by the leak, just regen in KeePass, update, and move on. I'm sold on this approach now too, I have very few human-generated passwords left now, which means they can be much stronger passwords and still pretty easy to remember.