Another day, another hack. Amazon-owned Twitch – the online game streaming service – was the target of latest breach, which announced it on their blog and emailed users possibly affected by the attack.
In nearly all cases, a hack on a business is followed by strengthening security protocols. For Twitch, the users won out after complaining Amazon / Twitch was being too strict on their password requirements. So, instead of a happy middle, Amazon decide to bow to user demands of easier passwords.
The attack forced the reset of all Twitch passwords after the possible intrusion was detected. That’s standard operating procedure, unless you just want your identity stolen. In that case, you can always watch a Melissa McCarthy movie on how that turns out. Yeah, I’m changing my password too.
According to the email sent to users, the attacked may have occurred when users logged in on March 3. Way to stay on top of things. It’s damn near April. Malicious code could have grabbed passwords in plain text format when a user logged in for their daily League of Legends marathon.
Potential data compromised is the norm from this type of attack. Credit card information, card type and expiration date for your payment information. Personal details such as date of birth, address and phone number were also potentially stolen. With those details, someone has a good shot at stealing your identity and having a blast on Amazon.
Twitch Backs of Password Requirement
What happened in the wake of the attack is users started to complain about the restrictive passwords. Some couldn’t remember their passwords, while others said you had to have a 20-character password to login. 20 characters? I don’t think our nuclear launch codes have 20 characters.
Twitch user Corbin Ellis summed up the feelings of the community on Twitch’s Facebook page that “if users want to use bad passwords, that’s their problem, not yours.” That’s right, to hell with the company trying to protect the identity of its users.
Now, you have to use at least 8 characters. Do you need a 20 character, ‘ just smacked my keyboard for 3 seconds’ password? No. According to security experts, this just exposes the need for companies to devise a better way to send, encrypt and store passwords.
Oh, and quit using password as your password.