Georgia has suspended the extradition of a Russian hacker suspected of killing an investigator


The Georgian authorities decided to suspend the extradition of Russian hacker Yaroslav Sumbaev, who is accused of organizing a criminal community and massive ongoing fraud and ordering the murder of a Moscow investigator Evgenia Shishkina.

According to Russian media, the extradition process was suspended due to changes in relations between Georgia and Russia. Lawyers of Sumbaev appealed the extradition decision in the Supreme Court of the country and asked Georgian journalists for support. According to them, Sumbaev allegedly had information about Russia's cyber-interference in the Internal Affairs of other States. Therefore he faces charges of murder, which he did not commit, and long imprisonment in the case of extradition. As a result, the authorities decided to suspend extradition.

Recall that in November 2018, Sumbaev was detained in Tbilisi on charges of illegal carrying weapons and using fake documents. Later it turned out that Sumbaev is wanted by Interpol at the request of the Russian Prosecutor's Office in the commission of several crimes, including possible participation in the murder of the investigator Shishkina.

According to the lawyer of Sumbaev, the investigation wanted to check his client for possible involvement in the murder of the investigator Shishkina. However, the investigation had no evidence against him.

Later it turned out, the 19-year-old medical student acted as the perpetrator of the crime, the 17-year-old schoolboy became the intermediary. The schoolboy told during his interrogation that the customer of murder was the drug dealer from the Darknet. He offered him to kill a "bad woman" in Moscow for a million rubles (15 900 $).

In addition, on July 16, it became known that the staff of the Ukrainian Security Service detained hackers controlling 40% of the Darknet. Since 2007, members of the group have provided hackers and criminals from around the world access through Ukrainian networks in the Darknet.

The head of the group was a resident of Ukraine; about 10 accomplices were under his command, as well as dozens of intermediaries in different countries and thousands of customers.

A hacker data center, equipped with a backup power supply, was discovered near Odessa (the city in Ukraine). Law enforcement officers seized nearly one and a half hundred servers, which hosted fifteen hundred hacker resources.

Logins and passwords of users of the Russian online store Ozon leaked to the Internet


The database including more than 450 thousand e-mail addresses and user passwords from accounts of the Russian online store Ozon was found on one of the sites that collect data leaks.

According to journalists, the leak occurred six months ago, but the company did not declare it. The found database combines two other bases, the originals of which were found on one of the hacker forums in November 2018.

As it turned out, a massive data leak could occur in three cases: data theft by an Ozon employee, an attack by a hacker who got inside the organization, or an incorrectly configured external server that opened unauthorized access to the database to anyone.

It is interesting to note that in 450 thousand of published logins and passwords, the number of data belonging to users of the company does not exceed a few percents.

"At the same time, most of the discovered accounts are inactive, that is, they have not been used for a long time," the company said.

Ozon explained that after the leak became known, compromised passwords were reset, and users were notified of the incident.

The official representative of Roskomnadzor (The Federal Service for Supervision of Communications, Information Technology and Mass Media) Vadim Ampelonsky said that Roskomnadzor intends to obtain explanations from the online store Ozon due to the leakage of user data.

Ampelonsky noted that Roskomnadzor is concerned about the actions of Ozon under the circumstances, as the online store did not notify in a timely manner about this situation, which threatened the safety of customers.

According to the official representative of Roskomnadzor, the e-mail address and password not only allows access to the user's account, but also allows to collect personal information and to act on his behalf.

The press Secretary of Roskomnadzor said that at the moment Russian laws do not oblige to notify the Supervisory authority about leaks, but now the relevant regulatory documents are being developed.

Two hackers who stole more than 15,000$ were detained in Ukraine


The press service of the Department of Cyber Police of the National Police of Ukraine reported that Ukrainian hackers transferred from the account of the entrepreneur more than 400 000 UAH using a bug in the online currency exchange service.

According to the police, they received a message from a 30-year-old resident of the Kyiv region that he got suspicious letters at his email address at night. The e-mail said the withdrawal of funds from his Bank account. According to the victim, the attackers managed to withdraw about 420 000 UAH.

During a pretrial investigation, law enforcement officers found two 33-year-old men who were involved in the crime. It turned out that one of them was engaged in the configuration and support of Internet resources.

The attacker used the vulnerability of the victim's online resource to steal funds. First of all, he blocked the work of the resource and the owner’s access to it. After that, the hacker transferred to his electronic wallets all the owner's funds.

According to investigators, the second participant of the criminal group who at that time was in another city began his part of the work. He conducted a number of transactions with various e-wallets to redirect funds, transferred them to cryptocurrency and then cashed.

Cyber Police officers together with Police investigators conducted six authorized searches at the same time. According to their results, computer equipment, additional media, draft records and mobile phones were seized.

According to the article on unauthorized intervention in work of computers, hackers face up to three years of imprisonment.



Estonian hackers forged electronic identity card


As we all know, the introduction of electronic Identity Card has begun in many developed countries. According to the leaders of the States, this allows citizens to receive a large number of services without long standing in queues, as it only requires the availability of the Internet.

Estonian citizens can use about 600 different online services, and 2.4 thousand more services are offered to businesses. An electronic ID allows you to remotely sign documents, pay for cellular communication, use transport, etc.

Another important advantage of electronic identity cards is that they cannot be faked. This is very important for the security of States. Leading experts on cybersecurity argue that such electronic documents are highly reliable. But, as it turned out, this statement is incorrect.

Recently it became known that Estonian hackers were able to fake an electronic ID. The Estonian socio-political daily newspaper Postimees reported the incident.

In February 2019 some Estonian residents began to receive SMS messages from one of the largest Banks in the country. The message offered to update their personal information by clicking on the link which led to a page visually similar to the home page of the Bank. There, users had to log in using their Mobile Electronic Identity Card (Mobile ID) by entering two codes. These two codes were enough to fake the identity of the victims. The scammers created new accounts in the Smart-ID application, which allows them to connect to services in Estonia.

It’s important to note that Smart-ID application allows people to use various services including managing Bank accounts. In total, 2.2 million people are using this app, including 433 thousand in Estonia. However, the damage caused to Estonians is only 1000 Euros.

It should be noted that the last failure in the Mobile-ID was recorded in May, when users could not make money transfers and use other services for several hours. However, there were no cases of identity forgery before.

The introduction of electronic passports is also planned in Russia. It is known that such innovation may appear in the Russian Federation no earlier than 2021.

The Head of the hacker group Lurk accused the court of working for the CIA


The alleged leader of the hacker group Lurk Konstantin Kozlovsky accused the Chairman of the Court Larisa Shangina of working for foreign intelligence services. According to him, the actions of the Kirov District Court of Yekaterinburg threaten the constitutional system of the Russian Federation.

This week the Kirov District Court of Yekaterinburg began to reconsider the case of hackers from the group Lurk. The defendants Alexander Safonov and Konstantin Kozlovsky again announced that they worked for the Russian intelligence services.

In addition, the defendants petitioned for the removal of the President of the Court from the trial. According to Kozlovsky, his petition is due to the fact that the Court refused to close the process from journalists during the preliminary hearing in mid-May.

It is worth noting that this time journalists were again allowed into the courtroom for photo and video shooting.

"An open demonstration of this case may be associated with the incompetence or malicious intent of the judge in relation to the constitutional system of the Russian Federation," Kozlovsky said.

During the meeting Kozlovsky also stated that they have "technical evidence of very serious stories," and instructed that the meeting should be held behind closed doors "so as not to distort the information." According to him, the case contains important information that could damage the State security of the Russian Federation.

"We have serious technical evidence of very serious stories, and the wrong interpretation of journalists can damage the interests of Russia. There is evidence that Russia interfered in the US elections! Our arguments have not been studied. Maybe you're a CIA agent?" Kozlovsky said to the judge.

"I believe that the judge is an employee of foreign intelligence services," he added.

The judge answered to defend that "she is not a member of the foreign intelligence services", causing laughter in the courtroom, and retired to the Advisory room to consider the removal of the President of the Court. The petitions of the defendants were rejected after an hour break.

Ehackingnews.com has previously reported that (https://www.ehackingnews.com/2018/08/group-lurk-who-claims-to-have-hacked.html), in 2017, Kozlovsky took responsibility for hacking into the Hillary Clinton's Email accounts, servers of National Committee of the Democratic Party of the United States and Military Enterprises of the United States.

He claimed that he was recruited by FSB in 2008 and done various cyber attacks for a long time. He also mentioned that his supervisor was FSB major Dmitry Dokuchaev.

Recall that the theft of hacker group amounted to 1 billion 264 million rubles (19 million dollars). The most successful grouping operation occurred on February 29, 2016. 677.6 million rubles (10 million dollars) were withdrawn from the accounts of the Public Joint Stock Company "Metallinvestbank" with the help of fake details.

Lipetsk hacker made transport cards to be unlimited

Since 2017, the citizens of the city of Lipetsk can pay for travel in transport using special electronic travel cards, the balance of which must be regularly replenished.

However, the 22-year-old hacker managed to bypass the system and recorded the transport cards to unlimited.

The young man managed to create a virtual card account, which was recognized by the bus validators and accepted as a real payment. He sold unlimited cards to four residents for a thousand rubles ($ 16) each.

According to owners of unlimited cards, they didn't suspect that the young man carried out illegal manipulations.

The truth came out when one of the buyers appealed to the transport company with complaints about the failure, the validator stopped reading the card. Managers found that the card did not appear in the database, the balance was not replenished for a long time, but at the same time, the owner of the card actively traveled in public transport. After that, the employees of the transport company appealed to the police.

It is worth noting that the transport company lost about 11 thousand rubles.

The criminal case was opened under two articles: fraud and illegal access to computer information.

Hacker who was offering Cybercrime-as-a-service detained in Novokuznetsk



Employees of the Ministry of Internal Affairs of Russia with the assistance of experts of Group-IB, an international company specializing in the prevention of cyber attacks, detained a hacker in Russian city Novokuznetsk who hacked computers around the world.

The detainee offered Cybercrime-as-a-service services to cyber criminals.  He created and maintained admin panels for managing malware and botnets. 
 
According to the local report, he infected more than 50 thousands computers across the world.  He managed to steal usernames and passwords from browsers, mail clients of the infected computers.  He also reportedly stole financial information such as bank card details.

The investigation began in the spring of 2018, when the hacker infected around 1000 of computers with malicious software Formgrabber.

"He administered the botnet, which counted several thousand infected computers of Russian and foreign users,” the press service of the Ministry of Internal Affairs reported.

It turned out that the hacker is only 26 years old, since 15 he has earned money by creating websites for computer games, but then he decided to learn the profession of a hacker.  More recently, he was testing malware targeting Android platform.

He has already been charged under the article "Creation and distribution of malicious computer programs". He completely admitted his guilt.

The Deputy Director hacked the education management Server of Ulyanovsk

The Prosecutor's Office of the Ulyanovsk region reported an extraordinary case in which an employee of an educational institution became a hacker.

According to the Prosecutor's office, the man knew that he had no right to any actions with the information stored on the Management Servers. However, he gained access to the Server of the Education Department of the Ulyanovsk Administration.

Namely, he got access to the data containing personal data of pupils, parents and employees of Ulyanovsk schools and deleted them. These actions led to the failure of the structural units of the Education Department.

Moreover, he found on the Internet a malicious computer program designed to neutralize computer information protection tools and installed it on the hard magnetic disk of the service computer. Thus, he managed to find password-code information to the education management Server.

Finally, the former Deputy Director of the school stopped the work of the structural units of the Education Department.

The man was exposed by the staff of the regional FSB. The suspect explained his actions as revenge to the authority for unfair actions against him. The man was charged with imprisonment for up to 5 years.

The Security Service of Ukraine tracked down a Russian hacker on the territory of Zaporozhye


As previously reported the Ukrainian President Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission, but there was no real evidence of Russian interference in the elections.

This time the Security Service of Ukraine (SBU) claim that stopped the activities of a hacker allegedly hired by Russia to interfere in the work of servers of state institutions.

According to the press center of the SBU, the suspect is the resident of Zaporozhye region, who worked as an administrator of a closed Internet forum for cybercriminals created in the Russian Federation. There he was looking for people who had to send malicious software to the e-mail addresses of State Institutions for a fee.

Experts noted that such computer viruses are used to block the activities of information resources through connection to the State register of Ukraine. The SBU stressed that it could pose a threat to the servers or computers of the Election Commission.

Law enforcement officers searched the hacker's house and found computer equipment with programs to create and transform computer viruses. Also, they found 10 samples of harmful ready-made software which was prepared for distribution between members of a hacker forum.

An interesting fact is that the SBU earlier exposed the resident of Chernihiv region, who "worked for the Kremlin," placing the social media posts criticizing the Kiev authorities and doubts about the combat capability of the Ukrainian army, with the purpose to influence the Election of the President.

President of Ukraine accused Russia of cyber attacks on the website of the Central Election Commission of Ukraine



Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission. According to him, Ukrainian experts on February 24 and 25 recorded a DDoS attack on the Central Election Commission.

Poroshenko pointed out that the National Security and Defense Council, the Security Service of Ukraine and the Department of Information Security, together with their American partners, have developed mechanisms to protect the CEC.

The Head of Ukraine also spoke about the negotiations with representatives of the Armed Forces and the US State Department on cooperation in the field of cybersecurity, which took place in Odessa.

Two weeks earlier, Sergey Demedyuk, the Head of the Cyber Police Department of the National Police of Ukraine, said that Russia is preparing a large-scale cyber attack on the Ukrainian CEC. According to Demedyuk, Russian hackers are going to penetrate into the computer systems of the Election Committee in order to be able to influence the results of the presidential elections, which will be held on March 31, 2019.

The director of national intelligence of the United States, Dan Coats, also agreed with Demedyuk, who admitted that Russia will try to intervene in the elections in Ukraine with the help of hackers.

The Kremlin denied the statements of the Ukrainian authorities about Russia's cyber attacks on the eve of the presidential elections.

"We do not know anything about this. I can only say that we hear a huge number of similar statements from around the world, it seems that it takes the character of some mania or phobia," - said Dmitry Peskov, press secretary of the Russian president.

A spokesman for Vladimir Putin noted that Russia had never had anything to do with various manifestations of cyber crime.

Interestingly, at the beginning of this month, hackers attacked the website of the showman and presidential candidate of Ukraine Vladimir Zelensky immediately after the launch.

A little earlier, the YouTube channel of another candidate for President of Ukraine, mayor of Lviv Andrei Sadovoi was attacked by a hacker and was destroyed.


Moldovan Parliament Speaker accused Russia of trying to interfere in the elections


Andrian Candu, Speaker of the Moldovan Parliament, Vice-Chairman of the Democratic Party, said that Russia tried to interfere in the electoral process in Moldova.

As previously stated by the official representative of the Russian Foreign Ministry, Maria Zakharova, Russia does not interfere in the elections in Moldova. Moscow has repeatedly denied accusations of trying to influence the elections in different countries and stressed that there is no evidence to confirm this.

Candu told reporters that the Russian authorities used a number of tools to influence the election campaign. "This includes the Amnesty for migrants, and the removal of customs duties, and the situation with the pilots rescued from Afghanistan," the politician said.

However, the President of Moldova, Igor Dodon, denied the allegations Andrian Candu.

"Russia does not interfere in our elections, and the speaker's statements are blasphemous," Dodon said after visiting the polling station.

The President accused the Democrats of carrying out an anti-Russian policy and that they did not care about the difficulties of Moldovan producers, who lost the main Russian market.

The Head of State expressed the hope that the vote will help change the Parliament and Government and improve the difficult situation in the country.

A massive hacking incident occurred in the Russian social network Vkontakte


On Thursday, February 14, the work of the major Russian social network Vkontakte failed. In VK groups appeared the same link to the post, which was reported that users will now see ads in private messages.

Soon the administrators of the social network reacted and stopped the failure. The vulnerability was completely closed for 20 minutes. Subsequently, representatives of VK apologized for the inconvenience. At the moment, the work of the social network is fully normalized.

After some time, it turned out that the massive hacking was done by hackers who for a year tested the social network for various vulnerabilities and identified the bug. However, the administration of VK has not paid them a reward for finding and eliminating vulnerabilities in the code.

According to them, they did not purposefully report the only error in the code that they used to remind themselves. However, they noted that they did not harm users.

An interesting fact is that the Russian State Duma demanded an investigation of the incident. Alexei Zhuravlev, State Duma Deputy, said that it could be the intervention of the United States or Britain. At the moment, these publications are removed from the network.


Ukrainian Hacker detained for remotely spying on Politicians



A 23 year old Ukrainian Hacker from Kharkiv City detained by the National Police of Ukraine for hacking into personal computers of Ukrainian Citizens and other states.

According to the local press report, the hacker used a malicious software(probably RAT - Remote Access Trojan) to control the victim's computers for almost two years.  It is said he also observed the activities of victims using web camera. The hacker is said to invaded personal life of about 100 people.

A Search and Seizure warrant was executed at the hacker's home, leading to the video recordings of victims and malicious software used in the Cyber espionage.

The motive of the espionage is not clear.  One of the theory says that he received order from some one to target people and got money.  The theory might be true as some of the victims were also members of Ukrainian political parties.

If convicted, the hacker will face up to six years imprisonment.

- Christina


Hackers' attempt to bring down Rostelecom failed



At the end of August, a powerful DDOS attack was launched against Rostelecom, a largest Internet provider in Russia.  According to the local news report, the experts from the company managed to detect and defend the attack within 8 minutes.

If the attack was successful, it coulld disrupted the usage of 170,000 customers and disrupted the work in Kirov region.  Moreover, this attack would have done economic and reputation damages for the Rostelekom.

It is to note that "Rostelecom" is serving a large number of users: about 130,000 people use the Internet, 44000 use the interactive TV, another 300000 use telephony. The customers not only include normal users but also a corporates which includes largest ones.

"Our company has powerful monitoring tools, we can identify these attacks, reflect them and, in most cases, determine where the attack has been initiated. Generally, the purpose of these attacks is to create problem for service provider and users, limiting their access to the Internet, in order to cause commercial and reputation risks.", The technical Director of "Rostelecom" in Kirov region, Alexey Dolzhenkov said.

It is still unknown who is behind this attack, the experts are gathering evidence of the attack.

- Christina


Official forum of Unity Hacked by OurMine Hacking Group


Representatives of the company Unity Technologies released an official statement concerning the hacking of the Unity forum last weekend. Hackers from the notorious group OurMine took responsibility for the attack on the defacement page and told about the theft of data.

Through integrated system for mailing the hackers sent letters to all users of the forum with a message, in which they called themselves a "group of experts". In e-mail attackers also reported on the hacking of the website Unity3D and recommended to change passwords. Hackers claimed that the database of resource was at their disposal. And they have information of more than two million users.

The staff of Unity Technologies confirmed the attack, however, the company denied that hackers got user-level passwords and other personal information. The company explained that the incident occurred as result of "using weak password," but members of the OurMine and the attackers compromised "small number of data". Separately, it emphasized that financial information of users were not affected, and the attack did not affect other services of Unity.

Developers warned that in this incident passwords were not "lost", but they still recommend users to change passwords. Because it is possible that the group have e-mail addresses and passwords obtained from other sources.

Directly after the attack on April 30, 2017 the forum time were not available for some, but now it is operating normally. Representatives from Unity Technologies promise to work on their security, in particular, in the coming weeks two-factor authentication and a more serious password policy should appear on forum.

The group OurMine is known for regularly hacking accounts of different famous personalities. List of victims from hands of hackers include: Mark Zuckerberg (head of Facebook, hacked Pinterest and Twitter), Dick Costolo (ex-head of Twitter, hacked Pinterest and Twitter), Sundar Pichai (head of Google, hacked Quora and messages from the hackers were duplicated in Twitter), Ev Williams (co-founder of Twitter, Blogger and Medium, hacked Twitter), Daniel Ek (head of Spotify, hacked Twitter) and Brendan Iribe (head of Oculus Rift, hacked Twitter), and YouTube-user Pewdiepie, Hollywood actor Channing Tatum and many others.

Vietnamese Hacker who stole identities of 200 million American, sentenced to 13 years

After breaking into the computers of several business entities and stealing the personal identification information of over 200 million Americans, a Vietnamese hacker has finally been sentenced for 13 years in prison.

The Department of Justice on Tuesday, released a report announcing that Hieu Minh Ngo, 25, bagged $2 mn from hacking and stealing the personal identification and selling it to other cyber criminals.

A District Court in New Hampshire finally sentenced Ngo on Tuesday for various fradulent charges, as reported by the Financial Times. Ngo was arrested in february 2013, soon as he entered America.

Back in his home in Vietnam, Ngo was active from 2007 till 2013, for breaking into computer systems and stealing identifiable information like Social security numbers, credit card details, bank account, phone numbers, and advertising about the data on his websites, from where the fellow hackers used to buy the information.

A press release by the Justice Department specified that 'Ngo admitted that he offered access to PII (personally identifiable information) for 200 million U.S. citizens, and that more than 1,300 customers from around the world conducted more than three million "queries" through the third-party databases maintained on his websites'.

The Internal Revenue Service stated that the information sold on Ngo's website to other hackers was used to file income tax returns for more than 13000 people, who saw $65 million returned on their behalf.

'Criminals buy and sell stolen identity information because they see it as a low-risk, high-reward proposition,' Assistant Attorney General Leslie Caldwell said a statement.
'Identifying and prosecuting cyber criminals like Ngo is one of the ways we're working to change that cost-benefit analysis.'

The US Office of Personnel Management revealed that the hackers have stolen more than 21.5 mn social security numbers till now, and out of them 1.1 mn include fingerprints.

Sentencing Ngo has finally taken an initiative for stopping cyber crimes that are breaching the personal identity of civilians.

Digital Constitution hacked, to promote online gambling

Digital Constitution, the Microsoft web site which protects online privacy in a digital world, was hacked to promote online casinos.

According to ZDNet, which first reported about the hacking, the Digital Constitution was running an older version of WordPress when the spammy links were discovered.

Though the links were removed from the front page in the hours following the ZDNet report, a variety of other pages continued link to the gambling sites.

The news reports says that it is unknown how long ago the site was hacked to promote online gambling, whether other Microsoft websites were hacked or not. It is still not clear who was behind the attack.

Ars Technica noted that it was not unusual for hack-by-numbers exploit kits to automatically inject malicious links into vulnerable pages that when viewed by vulnerable computers, perform drive by download attacks.

However, when the company was asked, the Microsoft answered not more than "it's fixed."

According to the news report, the attacker had injected text with keywords like "online casino," "poker, "craps," "roulette," and "blackjack." New pages were added to inject to show content that embeds content from other casino-related websites. 

Hackers steal $24k from Mahwah businessman’s bank account

After big corporations and the government agencies, hackers are now targeting individuals. The hackers stole $240,000 from a local businessman’s bank account in Mahwah by hijacking his phone number.  

According to a report published on CSB New York, at first, the hackers followed and observed the local businessman and gained enough his personal information to convince his bank to wire $240,000 overseas.

Chief of Police James Batelli said that the phone number of the businessman had been hijacked so when the bank called to verify the hackers answered. However, the bank did not get a clue that it was talking to the hackers overseas.

“That is call forwarded to Brussels and the person on that end answers all the proper security questions, which was social security numbers, mother’s maiden name, hospital they were born in; and the bank thinks they’re talking to the person authorized to allow that transfer to go through,” said Batelli.

Batelli said that in order to protect personal information, people should regularly change their security questions.

Kreditech Suspects Insider In Data Breach

Kreditech, a Germany-based  micro-loan startup is investigating a data breach of personal and financial records of thousands of its online applicants, according to Brian Krebs report.

A Web site accessible via Tor, a software that transfers  Internet traffic  to a global network of relays, included links to countless documents, drivers licenses, national Ids, scanned passports, and credit agreements taken from Kreditech’s servers.

A group of  hackers 'A4' professes to have posted the screen shots of the hundreds of gigabytes documents of Kreditech.

Kreditech head of communications Anna Friedrich said, “There is no access to any customer data. This incident stemmed from a form on our website that was stored data in a caching system that deleted data every few days. What happened was that a subset of application data was affected. We are collaborating with the police, but unfortunately there is no more further information that I have to share.”

Further adding Friedrich said that Kreditech believes the data was leaked by an insider, can be former or current employee.

Kreditech, has raised $63 million from investors since 2012. The company grant credit to applicants using traditional data scoring and social media, and provide loans  in Spain, the Czech Republic, Poland, Mexico, Australia, Russia,  Peru, the Dominican Republic and Kazakhstan.

Twitch advises users to change passwords after potential hack

Gaming video broadcaster Twitch recently announced that the site could have potentially been hacked and all users should set new passwords for their accounts on the website.

The company has given out an official statement on the matter saying that hackers could have gained access to personal account information of its users. The website has not given out any information as to how hackers accessed the user information.

Not taking any chances, Twitch has expires the passwords of all its user accounts and also accounts linked from Youtube and Twitter. The company has gone a step further and also asked users to change their similar passwords on other websites.

Twitch is also contacting users personally via email, who they think might have been directly impacted because of the potential breach. In the email (obtained from Twitter user Chris Seymour) Twitch has further stated the information of the affected users at risk.

The email read, 'We are writing to let you know that there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password, the last IP address you logged in from, limited credit card information (card type, truncated card number and expiration date), and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.'

Twitch has declined to comment publicly what personal information of its users might be at risk.