Originally designed as an online video gaming streaming service, Twitch became all the rage in the online poker community when popular players started live streaming their virtual poker tables. Now, a recent report of a Twitch hack has got the iPoker community on edge. The company gave no specific details on what information may have been compromised, but is warning everyone to change their passwords.
A notice regarding the Twitch hack was published on Twitch.tv on Monday, March 23, 2015, and has received two updates since then referencing concerns from users. The original message reads:
Important Notice About Your Twitch Account
We are writing to let you know that there may have been unauthorized access to some Twitch user account information.
For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.
We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details.
According to the limited information that was provided, one of the top concerns Twitch addressed after the hack notice went up had to do with the resetting of passwords. In response to questions regarding “password security and the complexity of our password reset flow”, the following response was posted.
What are your password requirements?
The password requirements revolve around algorithmic complexity (entropy), and thus are non-intuitive. The password rating we employ is there to help you create a secure password.
How do I create a secure password?
In order to create a secure password, we suggest you use a long random character string with a mix of character types (letters, numbers, symbols). To make it easy to remember, feel free to use words from the dictionary with multiple uncommon string substitutions.
A number of password examples were provided, describing the best and worst ways to create a new password (such as !70v3Gr33n@pple$auce? instead of ILoveGreenApplesauce). Twitch said the best solution for choosing a secure password is to “Use a reputable password manager with a random password generator.”
Apparently the password reset requirements were originally set extremely high in terms of security, because a second update read: “We’ve heard your concerns about overly-restrictive password requirements, and have reduced them to an 8 character minimum. Best practices regarding password security remain true.”
Amazon Offers No Specific Details Regarding Twitch Hack
The Amazon-owned company was contacted by the Wall Street Journal in hopes of providing the public with more elaborate details regarding the Twitch hack, but no additional information was provided. What most would like to know is if the credit card information of premium Twitch subscribers (standard membership is free) may have been compromised, but again, the company is staying tight-lipped about it.
Last month, WSJ published a spread called ‘Amazon’s Twitch Site Bets on Poker’, detailing the company’s aspirations to expand further into the online poker realm. Since then, more and more online poker players are joining the video streaming service to watch players like PokerStars Pro Jason Somerville live in action. Unfortunately, if any of those members weren’t careful when signing up for an account, the effects of the Twitch hack could trickle down to their respective internet gaming accounts.
Anyone who uses any form of paid online service, such as a real-money online poker account or a premium subscription to Twitch, should know that reusing the same username and password across sites is a tremendous faux pas. Due to the Twitch hack, anyone who made such a blunder may have compromised their online poker account, as well.
For example, John Doe plays at WSOP.com under the nickname “What-a-Dunce”, with the password “Number1Idiot”. He then gets wind of all the online poker video streams on Twitch and decides to sign up for an account there. Wanting all other poker players to recognize him, he uses the same “What-a-Dunce” nickname, and because he really is a dunce, he also uses the same password. Whoever committed the Twitch hack would then have easy access to John Doe’s online poker account, and all the funds within it.