• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

twitch just gave me access to other streamers accounts

GavinUK86

Member
i've been having an issue all day with twitch where it kept logging me out and when i log back in my profile picture, banner and stream title were blank. i just chalked it up to issues their end.

i just went on twitch now and yet again i was logged out so i logged back in but this time it wasn't my account i was given access to it was other peoples. thought that was very strange so i logged out manually and tried again. this time i was logged in as a different person. i went into the edit profile page and lo and behold there was their email address and password and the option to disable the twitch account.

i'm no security expert but i would say this is an issue to look into. as i type this i can refresh the page and have access to an account of someone completely different.

has this ever happened to anyone before? maybe on a different site?

already contacted twitch support earlier today but they don't seem too bothered by it.
 

Iadien

Guarantee I'm going to screw up this post? Yeah.
This happens from time to time on Twitch. Not sure why the fuck they haven't been able to fix it yet.
 
Twitch has been such a mess today, they might as well do this too. At one point I was seeing everything in Japanese text. I think I was still in my account though.
 
That's crazy. If they don't seem to care to respond to your message then you did the right thing by trying to make the issue more known.

That being said, Twitch must hire the bottom of the barrel programmers. Everything from their API to their apps are just garbage. Stream lag can get up to 30 seconds for some people, email notifications are hit and miss, sub notifications are broken every other day and their iOS and Xbox One apps are the biggest steaming pile of shit I've even seen. All they do is just crash, freeze, and crash again.

I thought getting bought by Amazon might help but nope, same old janky broken Twitch.
 
This has happend a few times in the past, would have expected them to solve the issue by now because it's a rather big one.

Actually, that's exactly what you should do.

I sort of agree, this is not the first time and with how big partner status can be now, logins should a lot more secure.
 

DrewM1788

Member
Twitch is telling me that I have an incorrect username/password on PS4 even though I can sign into the site on PC. Anyone else having this issue today?
 

M3d10n

Member
Login sessions is basic web programming. There tons upon tons of examples on how to implement proper session management all over the web and if you're not confident enough to do it yourself there are lots of open source drop-in solutions.

I can't even begin to imagine how one can mess up cookie-based sessions in such way that you're given access to random user accounts, unless they use a 32-bit incremental number or some other utterly insecure nonsense.
 

LeonSPBR

Member
Happened to me once a few weeks ago. I just exited that account and enered mine, and it showed my account. I saw that you tried that and didn't worked, so keep in contact with twitch, hopefully you'll be able to return to your account.
 
Login sessions is basic web programming. There tons upon tons of examples on how to implement proper session management all over the web and if you're not confident enough to do it yourself there are lots of open source drop-in solutions.

I can't even begin to imagine how one can mess up cookie-based sessions in such way that you're given access to random user accounts, unless they use a 32-bit incremental number or some other utterly insecure nonsense.

I bet its more of a weird caching issue.
 

CTLance

Member
Whelp, I just disabled and hopefully purged my login from their systems. Not like I used it anyway, I'm at best a bloody casual when it comes to stream consumption. I'm more of a lurker and less of a chatter. Had the login only for twitch plays streams, to be honest. Nothing of value was lost.
I can't even begin to imagine how one can mess up cookie-based sessions in such way that you're given access to random user accounts, unless they use a 32-bit incremental number or some other utterly insecure nonsense.
Yup, gaining access to other accounts at random is a security flaw at such a fundamentally low level that I really wonder how this site is coded. Are they using brainfuck for their server side scripting, or what?
 

BajiBoxer

Banned
Wow, seems like kind of a big deal. I just can't imagine simply ignoring the problem. How long has this been a known issue?
 

Bleeether

Member
i've been having an issue all day with twitch where it kept logging me out and when i log back in my profile picture, banner and stream title were blank. i just chalked it up to issues their end.

i just went on twitch now and yet again i was logged out so i logged back in but this time it wasn't my account i was given access to it was other peoples. thought that was very strange so i logged out manually and tried again. this time i was logged in as a different person. i went into the edit profile page and lo and behold there was their email address and password and the option to disable the twitch account.

i'm no security expert but i would say this is an issue to look into. as i type this i can refresh the page and have access to an account of someone completely different.

has this ever happened to anyone before? maybe on a different site?

already contacted twitch support earlier today but they don't seem too bothered by it.

Dude this happened to me the day before yesterday i was tripping out.

When i logged into my account, it logged me into someone elses account. At first i thought someone had hacked my account and changed my screen name or something.
 

Gintoki

Member
They just made everyone reset their passwords.

Important Notice About Your Twitch Account

We are writing to let you know that there may have been unauthorized access to some Twitch user account information.

For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.

We also recommend that you change your password at any website where you use the same or a similar password. We will communicate directly with affected users with additional details.

Sincerely,
Twitch Staff
 

McQuackleton

Neo Member
We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.

PLEASE NOTE: Twitch does not store or process full credit or debit card information, so your card number is safe.

While we store passwords in a cryptographically protected form, we believe it’s possible that your password could have been captured in clear text by malicious code when you logged into our site on March 3rd.
 

JBourne

maybe tomorrow it rains
I think I'm going to just cancel my account. I rarely use the chat, and I'd donate directly to a streamer rather than subscribe to them and have Twitch take a cut.
 
Top Bottom