Twitch has released an update on a massive hack that appears to have exposed source code, streamer payment figures and other information. It said that data was exposed to the internet “due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” It added that its teams are working with “urgency” to investigate the attack.
The Amazon-owned streaming site added that it has “no indication” that any login credentials, including passwords, were exposed. “Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” the company said.
Twitch also said that “out of an abundance of caution, we have reset all stream keys,” and provided a link to get a new one. Depending on the broadcast software you use, you may need to manually update your software to start a new stream. “Twitch Studio, Streamlabs, Xbox, PlayStation and Twitch Mobile App users should not need to take any action for your new key to work,” it wrote. “OBS users who have connected their Twitch account should also not need to take any action.”
However, if you haven’t connect your OBS account to Twitch, you’ll need to manually copy your stream from the Twitch Dashboard and paste it into OBS. “For all others, please refer to specific setup instructions for your software of choice.”
Yesterday, attackers said they stole the “entirety of Twitch.tv,” including the site’s mobile, desktop and console Twitch clients. It also accessed proprietary SDKs and internal AWS services, red-teaming tools and more. All of that information could make Twitch vulnerable to future attacks by letting potential hackers probe for weaknesses.
The leak also shows creator payments in the millions for streamers like xQc, Nickmercs and Shroud. Several have confirmed that the figures are accurate.
Twitch said that the investigation is ongoing. “We are still in the process of understanding the impact in detail,” the company wrote.
Update 10/7/2021 4:54 AM ET: Twitch has reset all stream keys and advised users on how to update their software. That information has been added to the article.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.