all 3 comments

[–]sawboss 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

One way to deal with this is when a streamer wants to connect their game have Twitch generate a cryptographic nonce. The player will then enter the nonce into the game client which uses that to establish the connection. The nonce should only grant limited access to the account, and certainly not the privilege of changing the player's Twitch password. In this way the game client only has access to limited portions of the account during each session.

[–]AschTheConjurer 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

I was curious as to why I got an email about my defunct twitch account being logged in.

Does OP have a link to the original story about the hacks?

[–]BackwardsCompatible[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

It's basically account stuffing. A large chunk of the stolen information came from the Town of Salem breach. Attackers used that login information on twitch and other platforms to get access.

https://www.bleepingcomputer.com/news/security/27-percent-of-passwords-from-town-of-salem-breach-already-cracked/

To check if your email was comprised anywhere.

https://haveibeenpwned.com

Let me know if this is what you are looking for.