Early this morning in the U.S. reports of a massive breach and leak of Twitch started to trickle out. VGC was able to verify that files related to Twitch, were out there publicly and able to be downloaded from 4chan at the time of their writing.
Twitch has now acknowledged the breach and put out this statement:
Here’s what the breach included according to VGC:
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
Obviously, this is massive and it goes without saying that you should absolutely change your Twitch password and set up 2FA if you haven’t already.
You can do this by clicking your profile on the top right corner of the screen while logged into Twitch. then hit Settings towards the bottom of that menu. Then, from this screen, hit Security and Privacy. Here you can add a phone number for 2FA, change your password, and/or add an authenticator app.
Taking all of these steps should make your account and data as secure as it can possibly be following this breach.
If Twitch updates us with any additional details, we’ll update this post.