The popular live-streaming platform Twitch is grappling with a significant security scare. Multiple content creators, including notable virtual streamers, have publicly claimed that their accounts were compromised. The attackers reportedly accessed the accounts and altered crucial payout information, raising serious questions about the platform's security measures.
Streamers Sound Alarm on Social Media
The issue came to light when several streamers took to X (formerly Twitter) to share their distressing experiences. A common and alarming thread in all reports was that the breaches occurred even though two-factor authentication (2FA) was active on the accounts. This security feature, designed to be a robust second layer of protection, appears to have been bypassed, leaving creators confused and vulnerable.
VTuber Kiona was among the first to raise the flag. She stated that her Twitch account was hacked and her payout method was changed without her consent or knowledge. In a frustrated post on X, she highlighted the failure of the 2FA system, writing that she received no text message or notification about any login attempt.
Another virtual streamer, Sasuga Reina, reported an identical situation. She received an email alert about updated payment details which she did not authorize. Reina suspected a connection to a recent Twitch Prime bot subscription attack she had experienced. She criticized Twitch's initial support response, claiming the agent was more focused on ending the chat than addressing the clear compromise of her secured account.
Twitch Responds and Updates Policies
The growing outcry prompted a response from the platform. Livestreaming industry figure Zack Bussey shared Twitch's official statement, which confirmed the company was aware of the issue and actively investigating. Twitch advised users who believe they are impacted to contact their support team immediately.
In a coincidental timing that drew community scrutiny, Twitch also updated its Cookie Notices on the same day for the first time since 2019. The update included new descriptions for various cookie types. While no direct link between the policy update and the security incidents has been established, the parallel timing has fueled further discussion and concern among the streaming community, which is now anxiously awaiting a comprehensive explanation and solution from Twitch.
What This Means for the Community
This incident strikes at the core of trust between a streaming platform and its creators. For many, Twitch is a primary source of income, and unauthorized access to payout settings poses a direct financial threat. The apparent bypass of 2FA is particularly troubling, as it undermines a fundamental security practice recommended by all major online services.
As the investigation continues, streamers are advised to monitor their accounts closely, review their security settings, and report any suspicious activity directly to Twitch Support. The outcome of Twitch's probe will be crucial in restoring confidence and ensuring creator earnings remain protected from such sophisticated attacks.
