It appears that the entirety of Twitch.tv was hacked, so if you have an account there, you’ll probably want to change your password …
Developer Sinoc shared the information, after an anonymous hacker posted a huge download link.
Twitch.tv got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.
While the passwords are encrypted and probably safe, it’s still a good precautionary measure to change them. It’s also advisable to reset your stream key and ensure two-factor authentication is enabled.
Some streamers, whose payouts were leaked, have confirmed them as correct. A company source is also reported by Video Games Chronicle to have confirmed the security breach as genuine.
The user posted a 125GB torrent link to 4chan on Wednesday […]
One anonymous company source told VGC that the leaked data is legitimate, including the source code for the Amazon-owned streaming platform.
Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday. We’ve requested comment from Twitch and will update this story when it replies.
Ironically, the leaked data is said to include internal penetration-testing tools.
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
Twitter users have been quick to post spreadsheets of the earnings of the highest-paid Twitch streamers, which is both a significant privacy breach and data likely to prove valuable to competitors.
The hacker has said their motivation was to disrupt the space because “their community is a disgusting toxic cesspool.” I initially suspected this was relating to so-called “hate raids,” where bots are used to flood the comments of streamers with personal attacks, but it appears that it may instead have been a protest at inconsistent application of the rules, with the service banning sexually suggestive streams but allowing ‘hot tub’ streams.
Twitch said back in the summer that the company was working hard to address this, but many are unhappy about the lack of results.
FTC: We use income earning auto affiliate links. More.
Comments