If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Twitch say logins and credit card numbers weren't exposed in hack

128GB of source code and data leaked after a huge hack

Livestreaming platform Twitch was recently hacked, hard, and a huge chunk of yoinked data was leaked publicly yesterday. Source code for the site and loads of Twitch projects were shared in a 128GB torrent, along with earnings numbers for streamers. Twitch say they "are still in the process of understanding the impact in detail" but so far, it seems login credentials and credit card numbers are safe. They have also reset stream keys, just in case.

Cover image for YouTube videoVideo Game Music Quiz - Can You Guess The Adventure Game From The Tune?

"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party," the company said in a statement posted overnight. "Our teams are working with urgency to investigate the incident."

The leak appeared to include source code for Twitch's website, an unreleased so-called "Steam competitor" platform from Amazon, Twitch-owned services like IGDB and CurseForge, security-testing tools, the various Twitch clients, and more. The leaker also dropped in payout financial data for streamers from 2019 to now, which unsurprisingly is what most caught the public eye. But while loads of their stuff got stolen, apparently some of your stuff is fine.

"At this time, we have no indication that login credentials have been exposed. We are continuing to investigate," Twitch said in their new statement.

"Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed."

They've also taken steps to ensure wrong'uns can't stream from your account, just in case that info got out. "Out of an abundance of caution, we have reset all stream keys," says an e-mail sent to Twitchers this morning. Depending on which streaming software you use, you might need to feed it the new code before you can go live again.

Whole lot of personal information still got out there. The payout numbers, yeesh. While people could always estimate subscriber earnings from the sub count, seeing numbers laid out in a list has sent looky-loos into a judgmental frenzy.

I'd still change your password too, if I were you. Just in case. And make sure you've enabled two-factor authentication.

Rock Paper Shotgun is the home of PC gaming

Sign in and join us on our journey to discover strange and compelling PC games.

Related topics
About the Author
Alice O'Connor avatar

Alice O'Connor

Associate Editor

Alice has been playing video games since SkiFree and writing about them since 2009, with nine years at RPS. She enjoys immersive sims, roguelikelikes, chunky revolvers, weird little spooky indies, mods, walking simulators, and finding joy in details. Alice lives, swims, and cycles in Scotland.

Comments