PSA: Twitch May Have Been Hacked - Passwords Have Been Reset

PSA: Twitch May Have Been Hacked - Passwords Have Been Reset

cybercrime

As a precaution to a possible breach, Twitch has reset all passwords and stream keys.

Those of you with a Twitch account, just a quick PSA that the company has sent out an official notice warning that the service may have been breached, and personal data may have been accessed. At this point, it isn't quite sure of the damage, but as a precaution has reset all users passwords and stream keys, and disconnected all Twitter and YouTube accounts. Users will be prompted to enter a new password the next time they try to log on. The full statement is as follows:

We are writing to let you know that there may have been unauthorized access to some Twitch user account information.

For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.

We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details.

Sincerely,
Twitch Staff

Twitch offer some hints to users on how to create a good password, citing "Applesauce1!" as a bad example, and "[email protected]$auce?" as a good one (hint: do not use "[email protected]$auce?" as your password). In response to user feedback, it has lowered the minimum required characters for the password to eight.

Source: Twitch

Permalink

... I love that picture... Put a ski mask on someone and immediately they seem to become a criminal... Even though he has no reason to be wearing it at all considering if he's got any sense he's inside where no one can see him anyway and if he is outside where people can actually see him... Well see aforementioned comment and insert irony where appropriate.

Kappa

rasta111:
... I love that picture... Put a ski mask on someone and immediately they seem to become a criminal... Even though he has no reason to be wearing it at all considering if he's got any sense he's inside where no one can see him anyway and if he is outside where people can actually see him... Well see aforementioned comment and insert irony where appropriate.

Kappa

Maybe the person is quickly trying to record a ransom video message via built-in webcam to be sent to the person who's laptop he stole it from?

OT: Darn it! *sigh* Time to update my Twitch profile I guess...

Arnoxthe1:

Maybe the person is quickly trying to record a ransom video message via built-in webcam to be sent to the person who's laptop he stole it from?

Perhaps it's some kind of complex double bluff strategy... "What are you looking at, I'm planning my ski trip to the mountains, mind your business... I've had it up to here with everyone assuming I'm up to no good just because I'm wearing a ski mask."

"Chill out man I was just passing by..."

rasta111:

Arnoxthe1:

Maybe the person is quickly trying to record a ransom video message via built-in webcam to be sent to the person who's laptop he stole it from?

Perhaps it's some kind of complex double bluff strategy... "What are you looking at, I'm planning my ski trip to the mountains, mind your business... I've had it up to here with everyone assuming I'm up to no good just because I'm wearing a ski mask."

"Chill out man I was just passing by..."

Why is he wearing a silk shirt instead of a thick coat then?

Bad Jim:

Why is he wearing a silk shirt instead of a thick coat then?

Err, he's lying... He's a criminal remember? He just said he was going skiing because it was related to the ski mask, then he told you to mind your own business... Kappa

Oh, great, more password reseting for a threat that is likely not even real for a services where i dont really have anything worth securing with a password. Its about damn time we get DNA scan access....

and that second password is a horrible one btw. easy to forget and very multilingual keyboard unfriendly. dont use shit like this. there are better ways to make secure passwords.

rasta111:
... I love that picture... Put a ski mask on someone and immediately they seem to become a criminal... Even though he has no reason to be wearing it at all considering if he's got any sense he's inside where no one can see him anyway and if he is outside where people can actually see him... Well see aforementioned comment and insert irony where appropriate.

Kappa

Maybe his apartment is just really cold in the winter?

Strazdas:

Maybe his apartment is just really cold in the winter?

That's no fun, besides his apartment has windows, doors, walls and central heating I'm assuming anyway... How cold could it get? Personally I prefer the cold anyway.

At least then you can wear your nice snug ski mask, in the summer, what can you do? As a bonus when people call you a criminal you can tell them they're wrong and discriminating against ski masks in general.

Oh, ok. I got an email from Twitch last night saying that my password has been reset but I honestly thought it was spam mail and was a fake! I feel silly now . Ahh well, at least they took some precaution.

Minimum password length annoys me. 8 characters, what the hell.

Typical corporate bullshit admission to being lax with security and a generous helping of FUD - "some noncritical data might have been accessed but you really should do better with your passwords!". Fuck off twitch, this is like the 3rd time now.

It seems like I lost access to my main twitch account, since they no longer have my email attached to that account anymore. I don't even know how that's supposed to happen.I'd be upset if I ever subbed to a stream, but I guess I was lucky I'm cheap.

Also lucky it only took a couple minutes to re-follow all those streams. That could have been a real bitch to do again if I used twitch as much as youtube.

Padwolf:
Oh, ok. I got an email from Twitch last night saying that my password has been reset but I honestly thought it was spam mail and was a fake! I feel silly now . Ahh well, at least they took some precaution.

^This. I thought this had to be a fake to get you to log in to some fake sites to steal your information! HAHA

I really hate the current trend of trying to tell people to make passwords that aren't able to be remembered by anyone. Everyone will just end up using the same password and every site and it'll be worse off overall.

Make your password a sentence and put a special symbol in, the vast majority of crackers will run it one password at a time, bruteforcing it.

PasswordPhrases! < that are longer make your password really easy to remember and really difficult to brute force.

Nimcha:
Minimum password length annoys me. 8 characters, what the hell.

Its because any lower than that and you risk your password being bruteforced in four minutes (It's probably lower now). 8 isn't much better, taking around 4 hours at last count. Having a really long password will make it way harder to guess, due to the sheer amount of extra combinations you add by simply adding another character.

If your password was four digits long (lets just use numbers for simplicity) there would be 10,000 combinations. What happens if you add another digit? You have a hundred thousand more combinations that they have to try! Granted with good hashing its harder to hack nowadays, but good passwords make it harder!

 

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here