The game focused live streaming platform Twitch has today advised its users to change their passwords after they noticed “unauthorized access to some Twitch user account information”.
The service announced the news on their blog, where they also noted that they have already expired user passwords and stream keys to protect its users, as well as disconnecting accounts that have linked to Twitter or YouTube.
Because of this all users will be asked to create a new password upon their next login.
They also recommend that users should change the password to any other sites or services where they have the same or similar password.
Here’s the full post:
We are writing to let you know that there may have been unauthorized access to some Twitch user account information.
For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.
We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details.
Update: VentureBeat has since added to this, posting a message that it claims to have got from one of their readers, who states that it came from Twitch themselves.
Here’s the email:
We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.
PLEASE NOTE: Twitch does not store or process full credit or debit card information, so your card number is safe.
While we store passwords in a cryptographically protected form, we believe it’s possible that your password could have been captured in clear text by malicious code when you logged into our site on March 3rd.
Source: Twitch Blog