They hacked Twitch: what streamers and users risk

The data of hundreds of millions of Twitch users has been stolen, including credit card data: what happened and what is at risk

After several rumors that chased each other throughout the day yesterday, following a message posted on Twitter by a cybersecurity researcher, there is now official confirmation: Twitch has been hacked and all of its users' data is for sale, totaling about 125 GB of confidential information among which there is even the platform's code.

Twitch is the streaming platform, bought by Amazon in 2014 for almost a billion dollars, most frequented by young fans of video games, TV series and nerd culture. In 2021, so far, Twitch "streamers" are as many as 9 million and some of them, like the famous professional gamer "Ninja", have over 16 million followers. That's why the news of the hacker attack caused so much concern and why Twitch itself had to admit the facts, yesterday afternoon. Twitch, however, has been very vague and has not stated what data has been stolen and what all its subscribers risk.

Twitch hacked: what happened

At 8:37 am Italian time yesterday, the Sinoc Twitter profile launches the news: "Twitch has been hacked. The entire site, the source code with comments for the website and various versions for consoles and phones. There is also a reference to an unreleased Steam competitor, payment data, encrypted passwords and other such things. I advise you to change your passwords."

Confirmation of this came from Twitch's official Twitter account, at 5:18pm Italian time: "We can confirm that there has been a data theft. Our teams are working urgently to understand the scope of this. We will provide updates to the community as soon as possible, when they become available. Thank you for your support." At 7:33 a.m. today comes a second official tweet, "Our investigation continues, we are analyzing all relevant logs and data to understand the impact of the data theft."

In short, the theft has happened, it's officially confirmed, but Twitch is still not disclosing how much and what data has been stolen, nor what users might risk. From unofficial reports, however, we learn that among the stolen data there are also the lavish fees received from 2019 to date by the most popular streamers.

Twitch hacked: change password now

The fact that the passwords of users (both content creators and simple viewers) have been stolen seems to be confirmed, however, by the fact that many people, when they try to access Twitch, now see a message telling them: "Wait! The password is not secure enough. Create a new, more secure password to protect your account."

If this isn't official confirmation, it's a close second. The problem, however, is that even entering a strong enough password very often results in an error message, in which the user is prompted to enter a stronger one.

With regards to payment data, instead, in theory they are safe, but in practice not completely: payments on Twitch, as on all platforms, are made through the external services of whoever issued the payment card used, so hackers could only steal the card number entered in the user profile.

That's enough, however, to try to "pierce" even credit and debit cards. Consequently, it is essential for those who have not yet done so, to activate strong authentication for online payments on their cards.