The online streaming service is reporting that there may have been “unauthorized access” to users' account information and is resetting all passwords.
The news that Twitch had been hacked was quietly broken on the site's blog yesterday, and many users only realised that there was a problem with their accounts after attempting to log in and discovering that their passwords had been erased.
Subsequently, Twitch users and streamers randomly received emails advising them that a breach of security had occurred, but the Amazon-owned company has remained silent about what information may have been accessed without authorization or how many members may have been affected.
Twitch Gets it Wrong with Password Requirements
In the email distributed to members, Twitch advised everybody that the next time they attempted to log in they would be prompted to create a new password. Initially the site requested that a strong password should be used, but after receiving complaints that the password requirements were too hard, Twitch allowed users to create new passwords using only eight characters.
This reversal of standard security procedures drew an intense amount of criticism from security experts, who universally condemned Twitch for making a future hack simpler. The experts pointed out that although the passwords are encrypted, names, addresses and other personal information are not; and – once a Twitch account has been breached – that information could be used for identity fraud on a grand scale.
Important That Every User Review Their Password Use
Twitch was also criticized for glossing over the fact that if users used the same password for their Twitch account as for other (supposedly) secure accounts, those accounts could also be compromised in the near future. For example, if you used the same password for your Twitch account as you used for an online poker site, an “unauthorized person” could be in your online poker account right now, changing your banking details and withdrawing your bankroll.
The passwords that you use should be unique for each account you register with. Ideally, a reputable password manager with a random password generator should be used to make it as difficult as possible for a hacker to break into an account. Although it can be an inconvenience to go through all your passwords and change them (and change them regularly), it reduces the risk of your personal details being compromised and used to create bogus identities, read your emails or raid your online eWallets.
Is This the End for Twitch?
Probably not. With more than 50 million unique viewers each month, Twitch recently won the category of “Poker Innovation of the Year” at the GPI American Poker Awards. The service has a long history of being used to live stream video games, and – judging by the complaints that were received regarding complex passwords – many of its users have no idea about Internet security.
Undoubtedly, the reputation of Twitch has been harmed by this “unauthorized access” and by the way in which it announced the breach and responded to it. Hopefully the site will learn lessons from its poor management of the hack and tighten up its security. Until then, avoid using any passwords for Twitch that you may use on other secure websites, and change your password on any site where you used the same password as you previously used to access your Twitch account.