An ominous-sounding message on the official Twitch blog warns that "there may have been unauthorized access to some Twitch user account information."
"For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube," reads the statement. "As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account. We also recommend that you change your password at any website where you use the same or a similar password."
The exact nature of the breach isn't known, but Twitch said it would contact affected users directly with additional details. We've reached out for more information.
Update: Twitch has declined to comment, but VentureBeat has acquired a copy of the email sent to users affected by the breach.
"We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth," it says.
"PLEASE NOTE: Twitch does not store or process full credit or debit card information, so your card number is safe. While we store passwords in a cryptographically protected form, we believe it’s possible that your password could have been captured in clear text by malicious code when you logged into our site on March 3rd."
And again, for emphasis: If you use the same password on other sites, save yourself the potential headaches and heartache, and change it everywhere.