After confirming the data breach last week, Twitch has now given more details on the security incident. In an update to its blog post, the live streaming service says it has fixed the configuration issue that allowed unauthorized access. Furthermore, Twitch says no passwords were compromised.
Twitch Passwords Not Compromised in Attack
According to Twitch, attackers were not able to leak the passwords of their users. Twitch also highlighted that it uses bcrypt password hashing function for hashing passwords. Credit card numbers and other banking information are safe too.
After acknowledging that the exposed data contained Twitch’s source code and a subset of creator payout data, Twitch said the attack affects only a small fraction of users. “We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” wrote Twitch.
The company also took a moment to apologize to the community for the security flaw. “We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community,” reads the blog post.
With all that said, do keep in mind that all of these are applicable to the data released so far. To recall, the leaked data was titled ‘part 1’, suggesting there’s more to come. We still don’t know what the second part of the leak consists of and if/ when it would surface online. As part of its mitigation efforts, Twitch has reset stream keys and encourages everyone to turn on two-factor authentication.