Without actually saying the word "hacked," Twitch very carefully announced to all its users around 12:30 a.m. CST on October 6, 2021 that, well, there was a data breach. In other words, Twitch was hacked for 125GB worth of data.
"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party," the company said to its users. "Our teams are working with urgency to investigate the incident."
What does the Twitch hack mean for users? A few important things.
First of all: don't freak out. After you've finished not freaking out, read these quick bullet points.
The Twitch Hack Did Not Affect Passwords (They Think)
According to Twitch, there is no indication that the data leaked to a third party included login credentials (despite previous reports that the leak did include this info). So, if you're scrambling to change your password, you can take a few breaths. Should you? It wouldn't hurt. Will you lose access to your channel if you don't? That's unlikely.
There is also an option to turn on two-factor authentication for your Twitch logins, meaning you'll need to confirm you are who you are via a secondary source (commonly a text to your phone or email to your email address). Two-factor is usually a smart idea regardless of the platform.
The Twitch Hack Did Not Include Credit Card Information
Twitch does not store full credit card info for its users, so if you used the platform to purchase things like bits or subscriptions, you're not at any increased risk of credit card fraud specifically due to this hack.
The Twitch Hack Did Include Stream Keys — And Twitch Already Changed Yours
Stream Keys — the unique string of digits necessary for your broadcast software (like OBS) to communicate with streaming platforms (like Twitch, YouTube, and Facebook etc.) — were part of the Twitch hack. And Twitch has already uniformly reset all stream keys for its clients. Which means you'll need to go back in to your settings, grab your new one, and plug it in to your preferred broadcast software before you go live again. If you're logged in to Twitch right now, you can access that here.
How Much Twitch Paid You Is Probably On The Internet Now
Streamer payouts dating back to 2019 were part of the Twitch hack. That means that if Twitch paid you for your subs, bits, or other on-platform earnings, it's part of this data breach. The data does not include anything related to PayPal donations etc. Naturally, a lot of people are going to use this to look at what the top streamers earn month to month directly from the platform.
If you're uncomfortable with your Twitch earnings potentially being available for others to see, you're in a tight spot here. It might be worth addressing these numbers with your viewers and fans (aka "community") head on. But if you're making a good living from Twitch, here's what you shouldn't do — apologize. There will be a natural inclination for people to scoff at what some people make, forgetting the countless hours this streamers put in to ultimately providing an entertaining and engaging experience. At the end of the day, Twitch users who get paid on Twitch do so because viewers decided to support them.
The Twitch Hack Included Source Code And Other Private Details
Additional information in the hack includes things like Twitch source code, proprietary software development kits, information around other Twitch properties, and data related to a reported Steam competitor that Amazon Game Studios has been building codenamed "Vapor" (wonder where the inspiration for that came from?).
Most of this data doesn't relate to users and will not affect streamers or viewers in any meaningful way. It's now up to Amazon and Twitch to decide their next steps related to this information.
We Don't Know Who Hacked The Information
The 125 GB of data were leaked to a notorious anonymous message board on Wednesday and made available for anybody to torrent. The anonymous hacker attacked Twitch in posting the document, saying, "Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them."
Most streamers — especially those only earning a modest living from the platform — would likely agree that their fans and communities are not "a disgusting toxic cesspool." But the post was probably related to any number of recent issues, such as hate raids. The poster also used the hashtag #DoBetterTwitch, closely resembling a #TwitchDoBetter campaign some users promoted in response to issues around how the platform was handling hate and other issues.
As the leading livestreaming company owned by a corporate giant in the tech space, Twitch is a big target for criticism from all sides — whether they're legitimate concerns from users about protecting the integrity of the platform, or targeted cyber attacks designed to release mass amounts of private information related to everybody who has used the platform. While the hackers seem to be more focused on attacking the company itself, releasing this data to the entire world enables anybody to potentially use this information to harm users as well.
We'll keep you informed of any other major developments or updates related to the Twitch hack.