It's looking increasingly likely that world-leading game streaming platform Twitch has suffered an enormous data breach. When we say enormous, we mean that the entire site has been breached, from the source code to the comments, to its individual streamer payouts to encrypted passwords, and even details on an unreleased Amazon-backed Steam competitor.

The breach is a catastrophic intrusion with massive ramifications, not least for the millions of users that must now track down and change passwords before suffering an account breach.

Massive Twitch Breach Posted on 4chan

An anonymous user posted a 125GB data dump on 4chan early on Wednesday, October 6, 2021, claiming that the video streaming community is "a disgusting toxic cesspool" and that "to foster more disruption and competition in the online streaming space, we have completely pwned them."

twitch leak 4chan screenshot

The massive data dump includes:

  • The entire history of Twitch.tv, including all early commits
  • All source code for its mobile, desktop, and console clients
  • Numerous proprietary SDKs and internal Twitch AWS functions and services
  • All related source code for other Twitch-owned properties
  • The unreleased information on a potential Steam competitor in development by Amazon Game Studios
  • Internal security tools
  • Creator and streamer payout reports from 2019

It's a frankly incredible haul of data, pilfered from one of the world's largest websites and one that is home to thousands of the world's top streamers.

Your Favorite Streamers Earn A LOT of Money

In case you were wondering, and we know you are, someone has already trawled through the 4chan leak and compiled a handy list of how much the top Twitch streamers are taking home before and after-tax. Of course, we always knew there was money in streaming, especially if you make great, engaging content, but some of those figures are phenomenal.

However, streamers on the list have already taken to Twitter to refute the claims, with some saying that their earnings aren't even half of what's being reported for the three-year period (2019-2021).

Change Your Twitch Password and Enable 2FA

Given the Twitch breach contains the entire website, it's also highly likely that your password is now exposed, so you need to go and change your Twitch password immediately.

  1. Head to Twitch and sign-in with your current credentials.
  2. Click your profile icon in the top-right corner and select Settings.
  3. Open the Security and Privacy tab.
  4. Under Security, select Change password.
  5. Input your current password.
  6. Now, input your new password, confirm it, and select Set Password.

After switching up your password, you should enable two-factor authentication if you haven't already done so.

  1. Click your profile icon in the top-right corner and select Settings.
  2. Open the Security and Privacy tab.
  3. Select Set Up Two-Factor Authentication > Enable 2FA.
  4. Input your phone number and select Continue. Wait for the seven-digit code to arrive.
  5. When it arrives via SMS, input the code and select Continue.

Alternatively, you can use an authenticator app with Twitch instead, such as Google Authenticator or Authy. The Twitch authenticator app settings are found in the same menu.

Never Reuse Credentials, Ever

When a website of any size suffers a data breach, one of the first things you do is change your login credentials. Switching up your password will protect your account from further intrusion (depending on the scale of the issue, of course).

But if you reuse the same credentials all over the internet, it won't take long before that username/password combination is being tried at every major service in the hope that they unlock the door.

So, always take a moment to create a unique login, and at the very least, always use a strong and unique password for each site.