Twitch Security

Twitch Security is responsible for creating the systems that protect the millions of streamers and stream viewers that use our platform. If that sounds interesting to you, consider checking out our jobs page for open positions.

While Twitch Security’s main goal is protecting those on our platform, we primarily act in a technical capacity, designing and securing Twitch’s systems. If someone else has logged into your account without your permission, contact Twitch Support. If you believe someone is breaking our rules, file a user report.

If you think you have technical details of a security flaw in Twitch, you can notify us with the Responsible Disclosure form toward the bottom of this page.

Protecting Your Account

Keep your login safe!

Anyone with your username and password can get into your Twitch account. Never tell anyone your password, not even someone at Twitch. We will never ask for your password.

We recommend you use a password on Twitch that you don’t use anywhere else. It might be hard to remember lots of passwords so it might be worth finding a good password manager to keep all your passwords in a safe place where you don’t have to remember all of them.

Two Factor Authentication (2FA)

Two factor authentication is one of the best things you can do to protect your Twitch account from the bad guys out there. Here are some directions to help enable it.

Verify your Email

If you forget your password you will need a verified email to get back into your account. Make sure to verify your account via the steps we sent you.

Staying Safe

It doesn’t hurt to be a little cautious when protecting yourself online. Avoid clicking links or downloading files from suspicious strangers and keep your devices up to date with the latest updates.

Responsible Disclosure

If you believe you’ve discovered a vulnerability in Twitch that puts our users at risk and can give technical details, please use the below form.

If you believe that such security issue exists but cannot give technical details, please instead contact Twitch Support, who will handle the issue appropriately.

Historical Thanks

Prior to integrating our Responsible Disclosure system with Hackerone, we received many helpful reports over the years. This list is no longer updated. Thank you for your contributions to security at Twitch!

  • Ivan U
  • Cameron Dawe 
  • cake
  • sehno (@_sehno_)
  • Eusebiu Blindu (@testalways)
  • Md. Nur A Alam Dipu​ (@Dipu1A)
  • Alexey Dorogin
  • Néstor Amador
  • Mitchel Pyl
  • Sean Latimer
  • Zach Meyers
  • Vineet Kumar
  • Zach Furbush (Zekniq)
  • Waseem Ullah Siddiqui - Fastian
  • Greg Stefanowich (@GStefanowich)
  • Mohammad Obaid
  • Jouko Pynnönen
  • Glen Takahashi
  • Kevin Roh (rohk)
  • Eric Hurkman
  • Aidan Woods (@aidantwoods)
  • Ashley Boxshall
  • Aditya Agrawal
  • Ali Hassan Ghori
  • Allan Tomol
  • Benjamin Bacher
  • Cirja Florinel-Vasile (@quistertow)
  • Evan Ricafort (@robinhood0x00)
  • Josefine Nielsen (@Pseudochu) x2
  • Juan Broullón Sampedro (@The_Pr0ph3t)
  • Koutrouss Naddara
  • Madhu Akula
  • Mehmet Nurcan
  • Mohamed A. Baset
  • Nakul Mohan(@Anonymous_India)
  • Nemesis
  • Othmane Tamagart aka 0thm4n@WhiteHatSec
  • Sachin Thakuri
  • Sangeetha Rajesh
  • Sarath Kumar
  • Shrushti Sarode
  • Simone Memoli
  • Stepan Obraztsov
  • Swapnil A. Thaware
  • Venkat (@PranavVenkatS)