
Twitch Security – Protect your account from being hacked

Hello everyone – In this article, I’m going to be talking about Twitch security measures you can take to prevent the loss of access to your Twitch account. Hacking is unfortunately on the rise in 2021, so I felt that it was important to revisit this issue that I wrote about in 2019, informing you of the ways that you can improve the security of your account.

Most account compromises aren’t actually targeting you specifically. Your data is merely one record among millions that are plucked from a larger hack on a specific company, whose products you may use in your everyday life. Companies like Adobe, Dropbox, Kickstarter, and most recently Facebook are the targets, and hackers exploit a security loophole within the code of the site to obtain this information. In this case, there is nothing you can really do, except to change your password as quickly as you can when you find out about a breach.

How do these users get into your account on Twitch?

There are really two big ways that a hacker can gain access to your Twitch account –

  • Through the connections system that uses OAuth certs.
  • And through a data breach hack from a large platform like Adobe, Facebook, etc.

Twitch has some pretty beefy security in place, so accounts getting hacked is a bit of a rarity these days. Still, hacks can happen, mainly through a compromised connection to your Twitch account. It is important to regularly check in on the connections that you allow in there, and eliminate any that you no longer use, or don’t recognize. These connections serve as a back door into your account, and if they are configured a certain way, can control many parts of your account, including the ability to change your password, access and charge saved cards, and more.

The only other way that hackers can access your account is through a data breach hack, combined with your re-use of the password that was compromised inside of a CSV file.

How to check if your email account has been compromised

There is a website known as “HaveIBeenPwned” that has been created to scrape these data breach lists, which are put up for sale on illegal hacking websites. This site will check to see if it finds your email within one of these CSV (Comma Separated Values) files of compromised information, and tell you what data is found within them. If you think you’re immune to being hacked, then here is some proof that it can happen to anyone – Even me.

Twitch security practice - Check if you have a compromised email
Using a breach checker site like https://haveibeenpwned.com/ can tell you if your password has been compromised. As you can see, one of my emails has been compromised quite a lot over the years…

Whenever there is a breach like above, you need to change all of your passwords for every single account you have. Failure to do so has the potential to result in the loss of an account for any other service you use further down the line. It is for this reason that many security experts recommend that you use a unique password for every single website and service that you use, or to use a Password manager.

What can happen if you don’t change your password

Here is what can happen when you don’t change that information – Note that Twitch itself was never breached in this case – The Email and password combination was merely tested successfully for Twitch.

Unauthorized login from Russia notification from Twitch. I live in the USA, and have only been to Canada...
Russia?!
Unauthorized login from Spain notification from Twitch.
Spain?!! I live in the United States, and have never been anywhere else except Canada…

Back in April 2019, I received an email from Twitch about an old account I forgot existed. As you can see, that password linked to that account name is now compromised from one of those breaches earlier in the list.

RIP.

I can’t stress enough the need to use good Twitch Security practices

The threat is very real – especially for a content creator who relies on access to their platform in order to make money. Worse even, if you saved your credit card/debit card info for easy purchases. I was lucky it was just an old account that I had forgotten about with nothing linked to it. Others have not been so lucky:

Account Hacked! Charged 110 Euros on my account.
Ouch, 110 euros…
Twitch Account hacked, $4500 lost from bit purchases overnight
F-FO-FORTY-FIVE HUNDRED USD??!!!! This poor guy…
Twitch account hacked this morning, 14 new subscriptions charged in 20 minutes!
Yikes, That’s quite the bind he’s in…

Is it worth your potential financial stability for poor management of your online security?

It certainly isn’t to me…

What can you do to secure yourself in the digital age?

Surprisingly, it is actually a fairly simple task to prevent attacks of this nature, albeit a potentially tedious one.

  1. Use separate passwords for every service.
    • This way, even if your account on one service is compromised, only that account is affected in the future.
    • Using a password manager like https://1password.com/ makes this pretty easy.
  2. Incorporate Two-Factor Authentication where possible
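
To see how far one breached password reaches, the sketch below audits a password-manager export for reuse and missing 2FA, the two fixes listed above. It is an added example, not part of the original article; the CSV layout, the sample accounts and the function names are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: a password-manager export (service, email, password, 2FA flag).
VAULT_CSV = """service,email,password,two_factor
twitch,me@example.com,Summer2016!,no
adobe,me@example.com,Summer2016!,no
dropbox,me@example.com,Summer2016!,yes
kickstarter,me@example.com,k1ck-unique-9f3,no
bank,me@example.com,vR7#long-unique-passphrase,yes
"""

def fingerprint(password):
    """In-memory digest used only to compare passwords, so reports hold no plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def load_vault(text):
    """Parse the export into normalized account records."""
    return [{"service": r["service"].strip().lower(),
             "email": r["email"].strip().lower(),
             "fp": fingerprint(r["password"]),
             "two_factor": r["two_factor"].strip().lower() == "yes"}
            for r in csv.DictReader(io.StringIO(text))]

def reuse_groups(vault):
    """Return lists of services that share one email and password pair."""
    groups = defaultdict(list)
    for acct in vault:
        groups[(acct["email"], acct["fp"])].append(acct["service"])
    return sorted(sorted(s) for s in groups.values() if len(s) > 1)

def exposed_by_breach(vault, breached_service):
    """Other accounts that the pair leaked from one service would also open."""
    leaked = {(a["email"], a["fp"]) for a in vault if a["service"] == breached_service}
    report = []
    for a in vault:
        if a["service"] != breached_service and (a["email"], a["fp"]) in leaked:
            # Without 2FA the leaked pair is enough to log in; with 2FA it is
            # still a known secret and should be replaced.
            report.append((a["service"], "rotate (2FA on)" if a["two_factor"] else "rotate now"))
    return sorted(report)

if __name__ == "__main__":
    vault = load_vault(VAULT_CSV)
    print("Reused passwords:", reuse_groups(vault))
    for service, action in exposed_by_breach(vault, "adobe"):
        print(f"{service}: {action}")
```
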

Secure your Twitch account by enabling 2FA and disabling connections to your account!

Secure your Twitch account with 2FA
Two-Factor Authentication can be enabled in your Settings > Security and Privacy tab, along with changing your password to a unique password.
Extension connections should only be connected if you use the connections! Keep your account as secure as possible!
The extension connections list should only have what you use. Disconnect everything else, and re-add only the ones you use.
Disconnect everything and only connect what you use!

Don’t wait until you have a breach. Take the steps necessary now to prevent the attack from ever happening in the first place! This is especially important if your channel is semi-popular. It can literally destroy your business.

Only use connections that you actively utilize. If you stop using something that is connected, cut its access immediately.

Credit to Jakuu – A Security analyst over on Reddit:

Credit to u/jakuu over on Reddit for his very detailed write-up on securing your Twitch account. I found this thread when I experienced the account breach mentioned above, which inspired me to write this article.

He has a Twitch channel, and you can keep up to date with him over on Twitter.

All secure?

Awesome! Security and peace of mind are essential when it comes to your assets. After all, we have enough anxiety to deal with on a daily basis.

If you want to learn more about streaming in general, you may want to check out our “Ultimate Guide to learn about streaming”. It covers absolutely everything we know about streaming to date and will be continually kept up to date.
