X

'Some' Twitch user accounts possibly accessed in hack

To protect its 100 million users, the live-stream video service for gamers says it has reset all passwords and disconnected user accounts from Twitter and YouTube.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
Don Reisinger
3 min read

Some user information may have been stolen in a hack.

Twitch, which enables gamers to live-stream their game play, has likely been hacked.

Twitch, which is owned by Amazon, said in a blog post Monday that it discovered possible "unauthorized access to some Twitch user account information." The company provided few details but did say that all user passwords have been reset and that accounts connected to Twitter and YouTube to promote live streams have been disconnected.

According to the Wall Street Journal, which obtained a copy of an e-mail that Twitch sent to affected users, Twitch said that passwords, e-mail addresses, user names, home addresses, phone numbers, and dates of birth may have been accessed. The company has not outright confirmed a breach, saying that it's still investigating.

Amazon bought Twitch last year for $970 million. Twitch is the most popular social video platform for gamers, allowing them to live stream game content and communicate with friends and fans. In February, Twitch boasted that its community now has more than 100 million members and 1.5 million broadcasters. In February 2014, Twitch accounted for 1.8 percent of all US Internet traffic at peak times, putting it behind Netflix, Google, and Apple, which combined account for more than 58 percent share. Meanwhile, Hulu, Facebook, and Amazon, among others, trailed Twitch.

If Twitch was hacked, it would be just the latest in a string of attacks on major companies over the past few years. In December 2013, retail giant Target said that hackers stole credit card data for more than 110 million customers. Major hacks reported in 2014 and 2015 include those on department store Neiman Marcus, restaurant chain P.F. Chang's, crafts-supplies chain Michaels Stores, hardware chain Home Depot, office-supplies chain Staples and insurance provider Anthem. One of the most notable breaches last year hit Sony Pictures. The hackers released private e-mails of Sony executives, as well as screenings of upcoming films.

The Twitch hack may have centered on simply getting data. By accessing the data, hackers could use it in a range of phishing attacks designed to target people through their e-mail addresses and get them to click on links to steal sensitive information. Attacks have also resulted in hackers selling user data on the Web's black market, allowing criminals to steal goods with another person's identity.

"Gaming sites have always been a lucrative target," ESET security specialist Mark James said Tuesday. "Not only do they represent gamers that may use the same login and passwords as similar sites but they also enable the possibility of other electronic goods to be stolen and sold elsewhere, in game items, in game gold."

Twitch said it plans to provide more details about the incident. Meanwhile, the company has urged its users to use strong passwords.

James agreed. "There's no perfect advice for when your details are stolen but changing your password is certainly one of the best," James said. "The very best is to strengthen the importance of having unique passwords for each and every login you have - that way if your password is found it's useless on another site."

Twitch did not immediately respond to CNET's request for comment.