Many Twitch users received an email this morning claiming that there may have been unauthorized access to their accounts, and that their passwords would be temporarily reset.
This comes just a few hours after Twitch experienced technical difficulties in the past twenty four hours. Users reported being forced out of their accounts, with some being booted out mid-stream. They were then unable to re-login as the system claimed that their passwords were incorrect.
The self-reset function also seemed to be non-functional, as many have since not received their follow up emails (even though we did).
We believe that an unauthorized party may have accessed your Twitch.tv account. For your security, we have invalidated your existing sessions and we have assigned a temporary password to your account.
You will need to reset your password when you return to Twitch. To reset your password, click “Log In” at the top of any page on Twitch.tv. On the Sign In page, click the “Trouble logging in?” link to reach the Twitch.tv Password Assistance page. After you enter your username, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.
We also encourage you to enable two-factor authentication (2FA) to protect your account from unauthorized logins. 2FA requires two different methods of verification to log in to your Twitch account: your password and your mobile phone. If your password is compromised, your account will be inaccessible without the unique code sent to your phone. To learn more about Two-Step Verification, go to Twitch.tv, go to Help, and click Two Factor Authentication with Authy, located in the Getting Started section.
We are unable to say how your sign-in information was obtained since the activities used to obtain these details occur away from our websites. Some techniques used to gain unauthorized access include trying commonly-used passwords, trying credentials obtained from compromises of other services, and by using malicious software to capture a user’s keystrokes and Internet activity.
Even though they advised users to enable two-step login, it’s unclear if accounts were really compromised or not as some reddit users with 2FA enabled reported receiving the same email as well.
We have reached out to Twitch for a comment, and we will update this post accordingly.