The entire Twitch website was leaked, according to developer Sinoc. Not just some user information or a small percentage of passwords, but the entire website, from beginning to end.
To be sure, this isn’t great news. We’re guessing the Twitch crew is having a terrible, horrible, no good, very bad Wednesday morning right now. While there is no way to undo the information that was leaked in this case, there are steps you can take to protect your account and mitigate any further harm that bad actors may cause.
How to change your Twitch password
You should first and foremost change your Twitch password. To do so, go to your profile, click Settings, and then select “Security and Privacy” from the drop-down menu. Select “Change password” from the Security menu. Ignore Twitch’s warnings about your stream key being invalidated and access to third-party services being revoked; changing your password at this point is non-negotiable.
Fill in the “Old Password” field with your old password, then the “New Password” and “Confirm Password” fields with your new one. To save it, select “Change Password.” We implore you to create a strong and unique password for this account, as we do for all of your accounts. Remember that if you use your leaked Twitch password for other accounts, those credentials are now compromised as well, and you’ll need to change them as well.
How to set up two-factor authentication for your Twitch account
Set up two-factor authentication for your Twitch account while you’re at it. Because you’ll need both your username and password, as well as a generated code from an authenticator app or text message to log in to your account, it adds an extra layer of protection to your account. To get started, go to the Password section and click “Set Up Two-Factor Authentication,” then “Enable 2FA.”
Begin by giving Twitch your phone number. If you don’t have access to an authenticator app, the site will be able to send you a text for 2FA as a backup. Twitch will send you a code to test that number; enter the code from your message into the field and continue. You’ll be prompted to download an authenticator app if you’re setting up 2FA on your desktop. You can use whichever one you want, but Twitch suggests Authy. Your saved passwords have an authenticator built-in if you have an iPhone running iOS 15.
After you’ve downloaded your app, scan the QR code Twitch displays on-screen to connect it. Once you’ve connected, enter the code generated by the authenticator app into the field provided on Twitch; if the code matches, you’re good to go.
Related: How to Change Browser on Windows 11
How to reset your stream key on Twitch
You’ll also want to reset your stream key if you’re a streamer. This key is specific to your account and lets Twitch know that you’re the one sharing audio and video on their platform. Twitch is adamant that you never show this key to anyone, but given that the entire site has been compromised, you should assume the problem is now out of your hands.
Luckily, it’s easy to reset your key, so that anyone who takes a look at your old one won’t be able to use it. Just click your profile, then click “Creator Dashboard.” Now, head to Settings, choose “Stream,” then click “Reset” next to Primary Stream Key. A green checkmark will confirm your key is reset.