Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Earlier this month, the Twitch source code and sensitive information belonging to streamers and users were reportedly leaked online by an anonymous user on the 4chan imageboard. The hacker posted a torrent link to a 125GB file with data allegedly stolen from 6,000 internal Twitch Git repositories.
According to the company, it appears that the incident had minimal impact and only affected a “small fraction” of users who will be contacted directly by the organization.
We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.
An update published on Friday by the streaming site made it clear that no passwords, login credentials, credit cards, or banking information were accessed or exposed following the massive hack they experienced last week.
Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information.
The information exposed in the incident and publicly revealed on the 4chan anonymous imageboard website mostly consisted of files from the company’s source code repository and a subset of data showing the earnings of the top 10,000 Twitch users.
According to the company, the incident occurred as a result of a server configuration change that enabled an unauthorized third party to gain improper access.
We have an update for the community regarding last week’s security incident. Please visit the Twitch blog for more information https://t.co/DatpHD4Bja
— Twitch (@Twitch) October 15, 2021
BleepingComputer reported that the leaked data contained:
- The entirety of twitch.tv, with commit history going back to its early beginnings
- Mobile, desktop, and video game console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- Every other property that Twitch owns, including IGDB and CurseForge
- An unreleased Steam competitor from Amazon Game Studios
- Twitch SOC internal red teaming tools
- Creator payout reports from 2019 until now
As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
