Twitch confirms passwords weren’t exposed in October 6th security breach

However, Twitch said the exposed data 'contained documents' from its source code repository

Twitch website on Android phone

Amazon-owned Twitch, a popular streaming service, has confirmed that passwords weren’t exposed in the recent data breach that saw the platform’s source code leaked online.

In an update posted on October 15th, Twitch explained that it is “confident” that attackers didn’t access the systems that store Twitch login credentials. It also confirmed that attackers didn’t access full credit card numbers or bank information.

On October 6th, a massive trove of Twitch data was made available for download online. The data included Twitch source code, creator payout information, an unreleased competitor to Steam (a popular platform for buying PC games) and more.

Twitch later confirmed the leak, and in the latest update, provided some more information about the data exposed by the security breach:

“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.”

Twitch previously blamed the breach on an error in a “server configuration change” and said it had reset all stream keys “out of an abundance of caution.”

The Verge notes that sources have spoken out about Twitch, accusing the company of poor security practices. Further, the sources claimed that Twitch experienced a security problem in 2017 but didn’t report it.

Source: Twitch Via: The Verge