IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Twitch responds to cyber breach by making passwords shorter

Gameplay streaming service makes ‘nonsensical’ decision to reduce minimum password length

Amazon-owned Twitch, a video streaming service, has responded to hackers harvesting user details by reducing its minimum length for passwords.

The firm, which allows gamers to stream footage of them playing videogames, yesterday warned customers that cyber criminals may have compromised their accounts, leaving their personal details up for grabs.

Vulnerable data allegedly includes email addresses, passwords, dates of birth and address and contact information.

Twitch expired all account holders' passwords as a security measure, meaning users must create a new password next time they log in.

However, users took to social networks to complain that the 20-character minimum length for Twitch passwords was too high, and Twitch folded under the pressure, cutting the minimum character limit to eight.

A blog post read: "For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube.

"We've heard your concerns about overly-restrictive password requirements, and have reduced them to an eight-character minimum. Best practices regarding password security remain true."

While the blog recommends people either create a string of random letters and numbers or use a random password generator, the reduced character limit means people can create less secure passwords.

Mark James, security specialist at antivirus firm ESET, criticised Twitch for the decision, saying the user complaints would comprise a small percentage of the overall user base.

"In a time when security should be more important than convenience it makes no sense to shorten the requirement for password length," he said.

"We should understand by now that longer passwords are a necessity and not a problem if we want to protect our identities and hard earned cash."

The news comes after Yahoo introduced a random password generator service for its email customers, to make the service more secure.

Password' and 123456' proved to be the most popular passwords in 2014, security firm SplashData's latest annual survey showed.

There's few details about who was behind the Twitch hack, but cyber criminal group Lizard Squad have been responsible for a wave of attacks on gaming sites, with targets including Xbox.

ESET's expert, James, said: "Gaming sites have always been a lucrative target. Not only do they represent gamers that may use the same login and passwords as similar sites but they also enable the possibility of other electronic goods to be stolen and sold elsewhere, in game items, in game gold."

He praised Twitch's move to expire passwords and unlink Twitch accounts from other platforms, but encouraged users to make their passwords more secure by mixing upper and lower case letters with numbers and unusual symbols.

Picture courtesy of Takuma Kimura

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022