Twitch has confirmed that passwords remain secure following a recent data leak. In an update posted on October 15, the streaming company said that passwords, login credentials, and full credit card numbers weren't compromised during the "security indecent."
"Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information," wrote the company.
Twitch claims the breach was the result of a server configuration change that allowed "improper access by an unauthorized third-party." Early reports suggested the culprit had managed to leak the platform's source code along with creator payout reports, and it seems like those rumblings were accurate.
"The exposed data primarily contained documents from Twitch's source code repository, as well as a subset of creator payout data," continues the statement. "We've undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.
"We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community."
Twitch chose to reset all stream keys out of an abundance of caution, and warned users they may need to manually update their broadcast software as a result.