Oct 15, 2021

Updates on the Twitch Security Incident


[10/15/2021 @ 8:00AM PT]

As we said previously, the incident was a result of a server configuration change that allowed improper access by an unauthorized third party. Our team took action to fix the configuration issue and secure our systems.

Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information.

The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.

We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community.

[10/7/2021 @ 1:00AM PT]

Updates regarding Stream Keys 

Out of an abundance of caution, we have reset all stream keys. You can get your new stream key here: https://dashboard.twitch.tv/settings/stream.

Depending on which broadcast software you use, you may need to manually update your software with this new key to start your next stream: 

  • Twitch Studio, Streamlabs, Xbox, PlayStation and Twitch Mobile App users should not need to take any action for your new key to work. 
  • OBS users who have connected their Twitch account should also not need to take any action. OBS users that have not connected their Twitch account to OBS will need to manually copy their stream key from their Twitch Dashboard and paste it into OBS. 
  • For all others, please refer to specific setup instructions for your software of choice. 

[10/6/2021 @ 10:30PM PT]

We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.

As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.

At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.

Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.

In other news
Oct 25, 2021

So you want to work at Twitch? Meet the GSOC team, with Elliot Fenech!

Elliot Fenech shares what it is like to work on the Global Service Operations Center (GSOC) team, the first responders to infrastructure failures that prevent Twitch’s video broadcast from working
So you want to work at Twitch? Meet the GSOC team, with Elliot Fenech! Post
Sep 29, 2021

Securing your Chat with Phone and Email Verification

Securing your Chat with Phone and Email Verification Post