Security Watch

Keeping Track of patches and hacks in the IT security world.

Twitch Has Users Reset Passwords After Possible Hack

If you're a Twitch user, reset your password. Better yet, regardless of the site or service, don't use the same password on multiple sites.

username and password security

Gamers are used to being attacked. After all, one of the most common genres of video gameplay are first-person shooters (FPS), where players attack others. While gamers are used to being attacked inside of games, they are now being advised of a possible hack against gaming live-streaming service Twitch.

In a blog post published March 23, Twitch warned that there may have been unauthorized access to user account information. Twitch has not publicly disclosed how the unauthorized access may have occurred or when the incident was first detected.

"For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube," Twitch stated. "As a result, you will be prompted to create a new password the next time you attempt to log in to your Twitch account."

Twitch, which Amazon acquired for $1.1 billion in August 2014, claims to have 100 million community members who watch feeds from more than 1.5 million game broadcasters. According to Twitch, its platform ranked fourth in the United States, behind Netflix, Google and Apple for peak Internet traffic in February.

If the unauthorized access, in fact, turns out to be an attack, Twitch will join a list of other gaming technologies that have been attacked in recent years. Sony's PlayStation network and Microsoft's Xbox live were both attacked during the 2014 Christmas holiday period.

Although Twitch is taking action and getting users to reset their passwords, the biggest danger actually lies outside Twitch: password reuse. Simply put, many users will reuse the same password for multiple sites. Given that accounts are usually tied to email addresses, which are also reused, it's possible that an attacker who gets a dump of email addresses and passwords could use that information to attack other sites.

The password reuse attack scenario is has played out before. In September 2014, WordPress had to reset 100,000 user passwords, after a leak of 5 million Google account passwords.

The risk of password reuse is also something that Facebook takes very seriously. In October 2014, Facebook announced an effort to proactively look in locations where stolen usernames/passwords are dumped to help protect those who may have reused a password.

So if you're a Twitch user, reset your password, and perhaps even more importantly, regardless of the site or service, don't use the same password on multiple sites.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.