You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
The Twitch hack is real, it's massive, and security experts are aghast at the scale of the thing: "this is as bad as it could possibly be." The leak, which the hackers claim is only "part one," contains the site's source code, unannounced projects such as a Steam competitor, and the earnings of streamers.
Yesterday Twitch issued what was very much a holding statement, and has now expanded upon what it believes happened. Per the Twitch blog:
"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.
"As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues."
That is, Twitch is putting this down to the human element: someone set up the company's servers incorrectly, and the hackers were able to find and access it. Whether this is human error or something more nefarious is unknown for now.
Twitch notably doesn't say when this breach happened, though the data included in the leak goes back up to three years. Twitch's statement goes on to clarify that it believes personal data such as logins is not at risk, and emphasised that "full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed." Whether the former can be taken at face value remains to be seen.
Finally, Twitch has reset all stream keys "out of an abundance of caution." Streamers can get their new key here.
Twitch will be in full crisis mode behind-the-scenes because, even if it's worked out what happened, that doesn't do anything about the fact it has happened—and what that means now and in the future. The repercussions are potentially enormous and elements of that are far beyond the control of even an Amazon-backed company.
"A lot more damage is now in store for Twitch," Candid Wuest from cyber-security company Acronis told the BBC. "The breach is already harming Twitch on all the fronts that count. [This leak] could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late. Releasing payout reports for streaming clients will not make the influencers happy either."
We'll keep you updated as this story develops. Meantime, do change your password and set up two-factor authentication.
