
this is why we can't have nice things.
Gameplay-streaming upstart Twitch thinks hackers may have harvested its user accounts for private information – and has reset people's passwords as a precaution. The San Francisco-based startup, which lets people stream videos of themselves playing games to online spectators – said it has also voided all stream keys, and …
Logical, but a password utility doesn't work so well when you don't have access to it. I use an organically stored algorithm along with partial site name and one of two passphrases to generate the password on the fly. One passphrase for things linked to banking/financials, another for less important stuff. Oh, plus another wholly made up password for email. Works well until the hardware goes bad. :)
There needs to be a standard we were hacked announcement including certain details. The two main things I want to know are:
What algorithm was used for encrypting the passwords?
Were the passwords individually salted?
Maybe they don't include these details because they don't want to confuse the public, but the cynic in me says they don't include these details because they are too embarrassed to admit they weren't.
If you read the article (and some other articles I've read seem to confirm this), then you'll see that the hackers took over the login webpages. Thus the passwords were grabbed before they were encrypted, similar to if someone had a keylogger installed on your computer.
From the details I read on a different website (but dont take this as confirmation) it seems that the hackers had the website under control for 1 day (March 3rd), but until some more details come out, that might turn out to be an underestimate...
Still, annoying for those people who use Twitch...
I got this email message also. I had assigned Twitch its own password, but the email address is shared among several thing. I don't plan on closing down that email address unless I start to get massive amount of spam emails.
I did change the password for security reasons. I don't remember if I logged into Twitch on 2 and 3rd March.