Responsible Disclosure Policy

We aim to keep Twitch safe for everyone and maintaining the safety and privacy of your data is one of our top goals. If you’ve discovered a security vulnerability in Twitch, we appreciate your help in disclosing it to us in a responsible manner. If you feel you have found a vulnerability, please email us at security@twitch.tv

Please include the following in security submissions:

  • Your email address
  • Your full name
  • Summary of issue (e.g., XSS on Page xxx, SQLi in yyy, CSRF on Page nnn)
  • Steps to reproduce the issue and/or a proof of concept
  • To report something particularly sensitive, you can let us know in your initial email to security@twitch.tv, and we’ll get back in touch about getting us the information using PGP.
  • If you wish to be recognized for having participated in our responsible disclosure program, please state that along with the name you would prefer to be listed under. We will list contributors who send us issues that have a CVSS score of High or above and that have not yet been disclosed.

Thank you to contributors to security at Twitch!


Waseem Ullah Siddiqui - Fastian
Greg Stefanowich (@GStefanowich)
Mohammad Obaid
Jouko Pynnönen
Glen Takahashi
Kevin Roh (rohk)
Eric Hurkman
Aidan Woods (@aidantwoods)
Ashley Boxshall
Aditya Agrawal
Ali Hassan Ghori
Allan Tomol
Benjamin Bacher
Cirja Florinel-Vasile (@quistertow)
Evan Ricafort (@robinhood0x00) 
Josefine Nielsen (@Pseudochu) x2 
Juan Broullón Sampedro (@The_Pr0ph3t)
Koutrouss Naddara
Madhu Akula
Mehmet Nurcan
Mohamed A. Baset
Nakul Mohan(@Anonymous_India)
Nemesis
Othmane Tamagart aka 0thm4n@WhiteHatSec
Sachin Thakuri
Sangeetha Rajesh
Sarath Kumar
Shrushti Sarode
Simone Memoli
Stepan Obraztsov
Swapnil A. Thaware
Venkat (@PranavVenkatS)