
Twitch responds to cyber breach by making passwords shorter

Gameplay streaming service makes ‘nonsensical’ decision to reduce minimum password length

Amazon-owned Twitch, a video streaming service, has responded to hackers harvesting user details by reducing its minimum length for passwords.

The firm, which allows gamers to stream footage of themselves playing video games, yesterday warned customers that cyber criminals may have compromised their accounts, leaving their personal details up for grabs.

Vulnerable data allegedly includes email addresses, passwords, dates of birth and address and contact information.

Twitch expired all account holders' passwords as a security measure, meaning users must create a new password next time they log in.

However, users took to social networks to complain that the 20-character minimum length for Twitch passwords was too high, and Twitch folded under the pressure, cutting the minimum character limit to eight.

A blog post read: "For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube.

"We've heard your concerns about overly-restrictive password requirements, and have reduced them to an eight-character minimum. Best practices regarding password security remain true."

While the blog recommends people either create a string of random letters and numbers or use a random password generator, the reduced minimum length means people can create shorter, less secure passwords.

Mark James, security specialist at antivirus firm ESET, criticised Twitch for the decision, saying the user complaints would comprise a small percentage of the overall user base.

"In a time when security should be more important than convenience it makes no sense to shorten the requirement for password length," he said.

"We should understand by now that longer passwords are a necessity and not a problem if we want to protect our identities and hard earned cash."

The news comes after Yahoo introduced a random password generator service for its email customers, to make the service more secure.

'Password' and '123456' proved to be the most popular passwords in 2014, security firm SplashData's latest annual survey showed.

There are few details about who was behind the Twitch hack, but cyber criminal group Lizard Squad has been responsible for a wave of attacks on gaming sites, with targets including Xbox.

ESET's expert, James, said: "Gaming sites have always been a lucrative target. Not only do they represent gamers that may use the same login and passwords as similar sites but they also enable the possibility of other electronic goods to be stolen and sold elsewhere, in game items, in game gold."

He praised Twitch's move to expire passwords and unlink Twitch accounts from other platforms, but encouraged users to make their passwords more secure by mixing upper and lower case letters with numbers and unusual symbols.

Picture courtesy of Takuma Kimura
