Twitch responds to cyber breach by making passwords shorter

Gameplay streaming service makes ‘nonsensical’ decision to reduce minimum password length

Amazon-owned Twitch, a video streaming service, has responded to hackers harvesting user details by reducing its minimum length for passwords.

The firm, which allows gamers to stream footage of them playing videogames, yesterday warned customers that cyber criminals may have compromised their accounts, leaving their personal details up for grabs.

Vulnerable data allegedly includes email addresses, passwords, dates of birth and address and contact information.

Twitch expired all account holders' passwords as a security measure, meaning users must create a new password next time they log in.

However, users took to social networks to complain that the 20-character minimum length for Twitch passwords was too high, and Twitch folded under the pressure, cutting the minimum character limit to eight.

A blog post read: "For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube.

"We've heard your concerns about overly-restrictive password requirements, and have reduced them to an eight-character minimum. Best practices regarding password security remain true."

While the blog recommends people either create a string of random letters and numbers or use a random password generator, the reduced character limit means people can create less secure passwords.

Mark James, security specialist at antivirus firm ESET, criticised Twitch for the decision, saying the user complaints would comprise a small percentage of the overall user base.

"In a time when security should be more important than convenience it makes no sense to shorten the requirement for password length," he said.

"We should understand by now that longer passwords are a necessity and not a problem if we want to protect our identities and hard earned cash."

The news comes after Yahoo introduced a random password generator service for its email customers, to make the service more secure.

Password' and 123456' proved to be the most popular passwords in 2014, security firm SplashData's latest annual survey showed.

There's few details about who was behind the Twitch hack, but cyber criminal group Lizard Squad have been responsible for a wave of attacks on gaming sites, with targets including Xbox.

ESET's expert, James, said: "Gaming sites have always been a lucrative target. Not only do they represent gamers that may use the same login and passwords as similar sites but they also enable the possibility of other electronic goods to be stolen and sold elsewhere, in game items, in game gold."

He praised Twitch's move to expire passwords and unlink Twitch accounts from other platforms, but encouraged users to make their passwords more secure by mixing upper and lower case letters with numbers and unusual symbols.

Picture courtesy of Takuma Kimura

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021