Twitch, a popular gaming community, has announced that attackers may have breached its networks and gained unauthorized access to some of its users’ accounts.
In a blog post published on its website, Twitch personnel explain that they have expired all users’ current passwords as a precautionary measure. This means that users will need to create a new password when they next attempt to log in to their accounts.
Twitch has also expired all steam keys and have disconnected all users’ accounts from external sites, including YouTube and Twitter.
“We recommend that you change your password at any website where you use the same or a similar password,” the post concludes. “We will communicate directly with affected users with additional details.”
True to its word, Twitch has reached out to a number of affected users via email and detailed what personal information may have been compromised by the breach.
The customer emails begin as follows: “We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password (which was cryptographically protected), the last IP address you logged in from, and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.”
Per the email above, the gaming site has revealed that it secured users’ passwords using some cryptographic protections. It is currently unclear how strong those protections were, however.
Additionally, Twitch has stated that the attackers may have employed malware to capture some passwords in plaintext when users logged into the site earlier this month.
Twitch, a gaming community website that allows users to stream their games online so others can watch, has reportedly 100 million monthly viewers, reportedly making it the fourth largest site in terms of peak traffic behind Netflix, Apple, and Google.
Last year, Amazon outbid YouTube to acquire Twitch for $970 million.