Many Twitch users receiving forced password reset emails

Bradley Wint
Mar 4, 2017 2:41pm AST
Photo: Twitch

Many Twitch users received an email this morning claiming that there may have been unauthorized access to their accounts, and that their passwords would be temporarily reset.

This comes just a few hours after Twitch experienced technical difficulties in the past twenty four hours. Users reported being forced out of their accounts, with some being booted out mid-stream. They were then unable to re-login as the system claimed that their passwords were incorrect.

The self-reset function also seemed to be non-functional, as many have since not received their follow up emails (even though we did).

The email which came from email hidden; JavaScript is required advised users that their accounts may have been compromised, and they should conduct a password reset immediately. Beyond the email coming from the company’s domain, the message seems to be legitimately sent from them as no links were provided back to the website (usually included in phishing emails).

We believe that an unauthorized party may have accessed your account. For your security, we have invalidated your existing sessions and we have assigned a temporary password to your account.

You will need to reset your password when you return to Twitch. To reset your password, click “Log In” at the top of any page on On the Sign In page, click the “Trouble logging in?” link to reach the Password Assistance page. After you enter your username, you will receive an email containing a personalized link. Click the link from the email and follow the directions provided.

We also encourage you to enable two-factor authentication (2FA) to protect your account from unauthorized logins. 2FA requires two different methods of verification to log in to your Twitch account: your password and your mobile phone. If your password is compromised, your account will be inaccessible without the unique code sent to your phone. To learn more about Two-Step Verification, go to, go to Help, and click Two Factor Authentication with Authy, located in the Getting Started section.

We are unable to say how your sign-in information was obtained since the activities used to obtain these details occur away from our websites. Some techniques used to gain unauthorized access include trying commonly-used passwords, trying credentials obtained from compromises of other services, and by using malicious software to capture a user’s keystrokes and Internet activity.


Even though they advised users to enable two-step login, it’s unclear if accounts were really compromised or not as some reddit users with 2FA enabled reported receiving the same email as well.

We have reached out to Twitch for a comment, and we will update this post accordingly.

Try Modern is a blog about the latest tech, finance, lifestyle and web trends. Keep up with us on Facebook and Twitter.