Cybersecurity sucks. It feels like every day we learn about another hack or leak that throws our private digital lives out in the open. Unfortunately, I’m here sharing yet another one of these stories; this time, the company is Twitch, which suffered a major information leak. Suffice it to say, you should change your Twitch password ASAP.
According to developer Sinoc, the entire Twitch website was leaked. Not some user information, not a percentage of passwords, but the whole website, start to finish. Sinoc shared the news in an early-morning tweet on Wednesday, Oct. 6:
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.
Might wana change your passwords.
— Sinoc (@Sinoc229) October 6, 2021
It’s not great news, to be sure. We expect the Twitch team is currently having a terrible, horrible, no good, very bad Wednesday morning. While there’s no way to retract the information that leaked here, there are steps you can take to protect your account and to mitigate any further damage that bad actors could inflict.
How to change your Twitch password
First and foremost, you should change your Twitch password. To do so, head to your profile, click Settings, then choose “Security and Privacy.” Under Security, choose “Change password.” Ignore Twitch’s warnings about invalidating your stream key and revoking access from 3rd party services; changing your password at this stage is non-negotiable.
Enter your existing password into the “Old Password” field, then enter your new one into the “New Password” and “Confirm Password” fields. Now, choose “Change Password” to save it. We implore you to make this password strong and unique, as we do for all of your accounts. Keep in mind that if you use your leaked Twitch password for other accounts, those credentials are now compromised; you’ll need to change those passwords as well.
How to set up two-factor authentication for your Twitch account
While you’re at it, please set up two-factor authentication for your Twitch account. That adds an extra layout of protector to your account, since you’ll need both your username and password, as well as a generated code from an authenticator app or text message to log in to your account. You can get started by clicking “Set Up Two-Factor Authentication” underneath the Password section, then click “Enable 2FA.”
Start by sharing your phone number with Twitch. This information will give the site the ability to send you a text for 2FA as a backup if you can’t access an authenticator app. Twitch will test that number by sending you a code; enter the code from your message into the field, then continue. If you’re setting up 2FA on desktop, you’ll now be prompted to download an authenticator app. You can use any that you want, but Twitch recommends Authy. If you have an iPhone running iOS 15, you have an authenticator built-in to your saved passwords. You can learn more about using it in our guide here.
Once you have your app, you can connect it by scanning the QR code Twitch presents on-screen. Once connected, enter the code generated by the authenticator app into the provided field on Twitch; so long as the code matches, you’re all set.
How to reset your stream key on Twitch
If you’re a streamer, you’ll also want to reset your stream key. This key is unique to your account, and allows Twitch to know that it’s your account sharing audio and video on their platform. Twitch is adamant that you never show anyone this key, but seeing as the entire site leaked, you should assume that problem is out of your hands now.
Luckily, it’s easy to reset your key, so that anyone who takes a look at your old one won’t be able to use it. Just click your profile, then click “Creator Dashboard.” Now, head to Settings, choose “Stream,” then click “Reset” next to Primary Stream Key. A green checkmark will confirm your key is reset.