Twitch has con­firmed that they’ve suf­fered a major data breach. The hack lead to the release of sen­si­tive infor­ma­tion includ­ing the app’s source code, an Ama­zon-owned Steam com­peti­tor, stream­er pay­outs, and even users’ per­son­al account info.

The com­pa­ny post­ed to Twit­ter, and was straight­for­ward with their audi­ence,  “We can con­firm a breach has tak­en place. Our teams are work­ing with urgency to under­stand the extent of this. We will update the com­mu­ni­ty as soon as addi­tion­al infor­ma­tion is avail­able.” Accord­ing to VGC, Twitch knew about the breach since Monday.

All of this comes just a week after Twitch imple­ment­ed phone-ver­i­fied chat, in an attempt to lim­it the num­ber of hate raids that swamped the plat­form. This ver­i­fi­ca­tion fac­tor was made pub­licly avail­able via a 125 GB tor­rent link that was post­ed to 4chan today. The data leak includes Twitch’s source bode in its entire­ty, pro­pri­etary soft­ware used by Twitch, as well as an unan­nounced com­peti­tor to Steam. It’s from Ama­zon Game Stu­dios and is code­named “Vapor,” com­bin­ing many Twitch fea­tures with a dig­i­tal gam­ing storefront.

Twit­ter users combed through the data and did find it include encrypt­ed pass­words, pos­si­bly leav­ing users’ pro­files vul­ner­a­ble. Twitch users should change thi­er pass­words and enable two-fac­tor authentication.