Livestreaming site Twitch says an “error” caused the unprecedented leak that posted vast amounts of sensitive data online this week.
The data appeared to include Twitch’s internal code and documents, as well as the payments made to thousands of top streamers.
Twitch now says the breach was caused by a “server configuration change” that “exposed” some data.
But it has not confirmed if all the data posted online is genuine.
The Amazon-owned company said the breach had involved “a Twitch server configuration change that was subsequently accessed by a malicious third party”.
“As the investigation is ongoing, we are still in the process of understanding the impact in detail,” it said.
But as Twitch streamers and viewers alike scrambled to change passwords, the company also said it:
- had “no indication” login details were compromised “at this time”
- did not store users’ credit-card information, so that kind of financial information could not have been exposed
- was resetting all users’ stream keys – the unique code used by streaming software to broadcast to the right Twitch account