Twitch resets stream keys for everyone but says passwords are safe after leak
Twitch has provided an update following the major breach that took place on October 6, reassuring users that login credentials should be safe, but resetting stream keys for everyone out of “an abundance of caution.”
On October 6, a data breach gathered over 120gb of internal Twitch materials, including source code and earnings data for top streamers, and even what appeared to be a Steam competitor in development from Amazon.
Twitch confirmed the breach had taken place later in the day, and said that they were working with urgency to understand the extent of it.
On October 7, the Amazon-owned platform provided an update, informing users that stream keys had been reset for everyone.
Twitch stream keys reset
A stream key is a unique number, used to link a broadcasters streaming software to their Twitch channel. It is one of the most protected pieces of data, as a stream key would be a crucial component if a malicious actor wanted to ‘hack’ into a channel and stream from it.
Twitch even tells user not to share their stream key with Twitch staff, to protect it.
“Out of an abundance of caution, we have reset all stream keys,” Twitch said on its blog. “Depending on which broadcast software you use, you may need to manually update your software with this new key to start your next stream.”
What about Twitch passwords?
One of the big fears following the breach was that infomation like users passwords was at risk. Some believed that the data was in the leak, but encrypted, and so unless targeted, would remain private.
However, in their blog, Twitch states “At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.”
So, while you may want to change your password out of caution, for the time being, there is little need to panic.
Update October 15: Twitch has updated its official blog with good news for streamers and viewers alike. They stated that everything has been secured following the massive security breach, as well as also confirming login data and credit card/bank information were not compromised in the leak.