The Amazon-owned video game streaming website Twitch has been hacked. Twitch has informed its users that the hack has most likely resulted in leaking of their personal information and account information.
The website confirmed that it has already deleted the passwords that were encrypted and has also disconnected accounts from YouTube and Twitter. However, the site has faced severe criticism for condoning users setting vulnerable replacement passwords.
For those who don’t know: Twitch is an extremely popular video game streaming website; data collected in July, 2014 suggests that the site has over 55 million unique monthly users. Hackers are known for targeting popular websites; thus it’s not surprising that Twitch has been hacked.
Users of the website were the first to know about the possible hack. Twitch sent an email to its users for letting them know about unauthorized access to some of their Twitch account information, which possibly include their username, associated email id, password (passwords were protected cryptographically), the IP address from which the user logged in last and personal information such as name, address, phone number, date of birth etc.
However, when contacted by the media, Twitch spokesperson declined to confirm whether the site has issued the email just as a precautionary measure or a security breach has actually occurred.
A section of Twitch users complained that the site’s minimum requirements for replacement passwords are extremely restrictive. This forced the site to lower its threshold and ask for passwords with only 8 digits.
Security experts have reacted furiously to this decision of Twitch. According to them, when a hack takes place, companies usually look to strengthen security, but Twitch has done exactly the opposite just for keeping its grumbling users happy.
In one of his recent blog posts, Graham Cluley, a renowned security expert, wrote that users must understand that their accounts can be protected from unscrupulous individuals just by using a password manager.
Twitch has not uttered a single word regarding the number of accounts that have been compromised or the time span of the hack.
This is not the first time the video game streaming website is facing such a situation. In August 2014, it was hacked by Lizard Squad, an activist hacker group. The incident took place right after Twitch’s acquisition by ecommerce giant Amazon.