Twitch confirms that full credit card numbers were not exposed during recent data breach

All stream keys have also been reset "out of caution"

October 07, 2021 Twitch has issued an update on the data breach.

Earlier this week, word of a massive Twitch breach began to circulate online, with claims of alleged creator earnings information, unannounced projects in the works at Twitch and Amazon Game Studios, and early Twitch development code filling the internet. Representatives of the streaming service first confirmed that a breach has taken place, and have now clarified that some data was exposed due to an “error in a Twitch server configuration change”. Full credit card numbers have not been exposed as the streaming service doesn’t store full credit card numbers.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” Twitch says in a statement. “Our teams are working with urgency to investigate the incident.

“As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues. At this time, we have no indication that login credentials have been exposed. We are continuing to investigate. Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

While there’s no indication that passwords may be among the compromised data, you’ll probably want to change yours and enable two-factor authentication on your account regardless. Twitch has additionally said that, “out of an abundance of caution”, it has reset all stream keys, with new ones obtainable via this link. “Depending on which broadcast software you use, you may need to manually update your software with this new key to start your next stream,” the company explains, offering details on how to do this in its statement here.

This news follows a VGC report from earlier this week which reported that an anonymous source at Twitch confirmed that the information contained in the leaks was, indeed, legitimate.

We previously reached out to Twitch for comment, and received the following: “We can confirm a breach has taken place,” a Twitch spokesperson told us via email. “Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.” The same statement was shared on the platform’s Twitter account.

You can get further information on setting up 2FA at the official site.

More recently, Twitch has had to contend with an increasing frequency of hate raids on its platform. As part of an effort to help streamers, additional phone and email verification options went live in September.