In September, the developer of the popular gaming app Twitch was forced to suspend its operations because of a massive security breach that compromised more than two million user accounts.
The incident forced the streaming platform to cancel hundreds of thousands of monthly users and shut down its server farm for a period of time.
The breach was discovered by security researcher Kevin Mitnick.
While Twitch is not the only company affected by the security breach, it is the first time Twitch’s server farm has been compromised, according to a Reddit post by security analyst and founder of security company RedHat, John Graham.
“The issue here was not with Twitch’s servers,” Graham said.
“It was with the way Twitch had designed their API, which allows for a large number of accounts to be connected to the same server.
As such, the vulnerability allowed attackers to access and use those accounts for their own nefarious purposes.”
The company announced in October that it would be shutting down the server farm and redirecting users to a new one that has a different username and password.
“After investigating the issue, Twitch has determined that the vulnerabilities that were discovered are currently being patched and we are currently investigating how to prevent similar incidents from occurring again,” the company wrote.
“As such, we are redirecting all users to the new server that we have identified as the ‘best’ option to ensure they have a smooth and secure experience.”
But Graham also said the company’s servers could be hacked and the company is taking measures to protect its users.
“If they can hack your server, you can hack theirs,” he said.
The vulnerability was first spotted in September, when hackers were able to access a number of Twitch accounts, including the admins of the subreddit called r/leagueoflegends, Graham said, adding that the team has been in contact with the affected servers since that time.
Graham said that while Twitch’s developers have made a number changes to the code of the server to protect against security breaches, the server’s functionality has remained unchanged.
“We will be updating the code to address the new vulnerability, and will have an update out on our main Twitch page as soon as it is ready,” Twitch said in a statement.