Earlier this month, Twitch suffered a major security breach in which many details about the website and its streamers were leaked to the internet. While it seems the extent of the breach is still being investigated, Twitch has provided an update about its findings so far, and it’s made a big confirmation for users who were worried that their personal information or login credentials were leaked.
In an update published to the Twitch blog earlier today, the company started by reiterating that the “incident was a result of a server configuration change that allowed improper access by an unauthorized third party.” Twitch says that the configuration issue has since been fixed and the company’s systems secured.
Twitch then went on to say that Twitch passwords haven’t been exposed, which is good news indeed. When news of the breach first broke, it was unclear if passwords had been revealed, but Twitch said early on that it had no indication that login credentials were compromised. Now it seems to have confirmation that at least passwords were left untouched.
“We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch added. “The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.”
So, even though the customer impact is minimal, Twitch’s statement on the matter suggests that there’s still some kind of impact. If you’re a regular Twitch user, it might be a good idea to keep an eye on your email to see if you’re one of the users Twitch is reaching out to directly.