Twitch backs down on 20-character passwords in wake of hacking

Amazon owned gaming website Twitch has backed down on its attempts to force stronger password complexity on its site post-hacking, after multiple complaints from its userbase, according to Forbes.

The site, which allows gamers to stream themselves playing games live for internet viewers, had originally insisted that new passwords be at least 20 characters long, after resetting them as a precautionary measure. Customers took to the company’s social media pages to complain about the difficulty of remembering 20 character passwords, with one user writing on their Facebook page, “if users want to use bad passwords, thats their problem, not yours.”

Twitch’s response was to change their requirements, announcing that the minimum number of characters would be reduced to eight, despite its recent breach.

Twitch, which was purchased by Amazon last September, sent out emails today confirming that its database has been breached and that usernames, email addresses, last login IP addresses, credit card types, truncated credit card numbers, card expiration dates, first and last names, phone numbers, addresses and dates of birth may have been compromised.

The Register notes that while passwords were stored in hashed form, code could have been planted on the website on March 3 that could intercept passwords during login. As a precaution the site disconnected Twitter and YouTube, and reset passwords for the site’s estimated million-strong membership. Further details are available in a blog post on the Twitch website.

While a membership of just over a million makes this breach relatively minor in comparison to other high profile hacks, Tech Crunch points out that Twitch itself remains a hugely popular web destination for users without accounts. The site claims that Twitch is the fourth largest site on the net “in terms of peak traffic, bested only by Netflix, Apple and Google.”

Author , ESET

Follow us

Copyright © 2016 ESET, All Rights Reserved.