The livestreaming platform had over 100GB of data posted online this week when a “malicious third party” got hold of confidential company information and earnings made by streamers.
And after confirming the data breach, Twitch has now said the leak was caused by a "server configuration change" that "exposed" some data.
Twitch did not confirm if all the data posted online was genuine, but the Amazon-owned company said the breach had involved "a Twitch server configuration change that was subsequently accessed by a malicious third party".
The company added: "As the investigation is ongoing, we are still in the process of understanding the impact in detail.”
While news of the leak has caused Twitch users to scramble to change their passwords, Twitch insists there is "no indication" login details were compromised "at this time".
The company also said it does not store users' credit-card information, so that kind of financial information could not have been exposed.
It is believed at this time the leak was caused by human error, and occurred when someone set up the computers that store Twitch's private data incorrectly, making it findable and downloadable to hackers.
Twitch confirmed the breach earlier this week, and said it was "working with urgency" to understand the extent of the problem.
The company tweeted: "We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us."