What to do if your Twitch account is hacked

Twitch is an entertainment site, but there's nothing entertaining about hackers locking you out of your account. Cybercriminals still run rampant on the internet, as demonstrated by July's massive Twitter hack. With Twitch profiles often containing sensitive payment data, they’re a prime target for digital thieves.

But what should you do if your Twitch account does get hacked? And how can you prevent that?

How are passwords stolen?

Cybercriminals are always searching for new ways to crack and steal passwords. There are three common modes of attack you should be aware of:

• Brute force attacks: Hackers can use software to go through millions of alternative passwords in seconds. Pairing common names, words, numbers, and dates, they just need to wait until they find a match.
• An exposed connection: When you connect to a Wi-Fi hotspot, your baseline security will depend on how safe that specific router is. If a hacker has access to the hotspot, they can see your activity and watch as you input your passwords in real time.
• Phishing emails: In a phishing attack, hackers disguise themselves as legitimate senders, like a business or a bank. They'll ask victims to follow a link in the email and to log in to an apparently genuine website. If an email claiming to be from Twitch asks you to enter your username and password via a specific link, the login page you’re redirected to may be a hacker's trap.
• Breaches: If you use the same password across multiple accounts, a data breach elsewhere can leave your Twitch password vulnerable. Hackers know people recycle their passwords, and they'll test email and password combinations on other sites to see if they can break in.

What to do if your Twitch account has been hacked

There are several common indicators that could alert you to a possible hack. These apply both to Twitch and many other websites:

• Your login credentials no longer work, locking you out of your account.
• You receive an email informing you that your account details (password, username, etc.) have been changed even though you didn't change them.
• You notice unusual outgoing transactions on your bank statements, possibly linked to the Twitch donation system.
• Another account for which you use the same login details gets hacked or shows signs of compromise.

If you notice any of the above, you need to take some precautions.

First, if you still have access to your account, you need to change the password. Once you’ve logged in, head to Settings and find the Change Password option under the Security and Privacy tab. You’ll be prompted to input your current password and create a new one. This should automatically force anyone who’s logged in elsewhere to re-enter the new credentials, which they should not be able to do.

If the hacker has reset your account information by changing both your password and your username, you can still regain access. On the login page, click Trouble Logging In? and follow the prompts. As long as you still have access to your email, you'll be able to get your Twitch account back.

As soon as you’ve regained access, you should remove any third-party apps currently linked to the account. These can sometimes be the route of the hack, so remove them by going to Other Connections and Connection Settings. You can re-add the ones you trust later, but take that extra precaution now.

How to prevent a hack

While it's good to know what to do after a hack, it’s even better to avoid it entirely. Take these three simple steps today to enhance your security:

1. Use stronger passwords. Start using long, complex passwords, combining a range of numbers, letters, and symbols. Don't rely on any real names or words, and avoid any patterns or numerical sequences (password123 is out).
2. Don’t reuse login credentials. This is a trap that many fall into, so never use the same password for multiple accounts. Make sure you have completely new login details for every online profile, or you'll risk getting hacked on all the accounts for which you use the same credentials.
3. Encrypt your data with a VPN. Use NordVPN to protect your browsing traffic with layers of encryption. This will strengthen your security and is essential if you regularly use unprotected Wi-Fi. One NordVPN account secures up to six devices, empowering you to protect your privacy at all times.

For more tips on staying secure online, subscribe to our monthly blog newsletter below!