The company has reset all passwords and stream keys in addition to disconnecting accounts from Twitter and YouTube. Because of this, all users will need to create a new password the next time they log into Twitch. The Amazon-owned company said it’s also a good idea for users to change their passwords at any other site in which they use the same or even a similar password.
Twitch said it would reach out directly to impacted users with additional details. In one such e-mail obtained by Venture Beat, Twitch said credentials that may have been affected include usernames, e-mail addresses, passwords (which were cryptographically protected), the last IP address a user logged in from and any optional information that a user may have provided.
The latter includes first and last name, phone number, physical address and date of birth. Worse yet, limited credit card information (card type, truncated card number and expiration date) may also have been compromised. Twitch said it does not store or process full credit or debit card information so at least the card number is safe (but not much else it seems).
In addition to creating a new password, applicable users will need to reconnect their accounts with Twitter and YouTube. Twitch isn’t saying much more about the attack as of this writing but we’ll keep our ears open for any additional information on the matter.