Twitch says no passwords or login credentials leaked in massive breach

Twitch has come out with a new statement denying the severity of the breach that drew headlines earlier this month

The gaming platform reiterated that the incident was caused by a “server configuration change that allowed improper access by an unauthorized third party.”

They claimed Twitch passwords were not exposed in the breach and said they are “confident” that the systems storing Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH/bank information. 

“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” the company said. 

An unknown hacker leaked the entirety of Twitch’s source code among a 128 GB trove of data released on October 6.

The data included creator payouts going back to 2019, proprietary SDKs and internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red teaming tools.

While much of the press attention initially focused on the

Read More: