Twitch Was Hacked
The Source Code of the App and Payment Reports Got Leaked Online.
Twitch is a video live streaming service based in the United States that specializes in video game live broadcasting, including esports tournaments.
Twitch also provides music broadcasts, original material, and, more lately, “in real life” streaming, and is Amazon.com, Inc. subsidiary.
Recently the Twitch source code and sensitive information belonging to streamers’ and users’ were leaked online by an anonymous user on the 4chan imageboard, as a torrent link leading to a 125GB archive containing data was shared.
Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories.
BleepingComputer reports that the leaked Twitch data contains:
- The entirety of twitch.tv, with committed history going back to its early beginnings
- Mobile, desktop, and video game console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- Every other property that Twitch owns, including IGDB and CurseForge
- An unreleased Steam competitor from Amazon Game Studios
- Twitch SOC internal red teaming tools
- Creator payout reports from 2019 until now
What Data Was Leaked?
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Twitch posted yesterday some official updates regarding the unfortunate event:
We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.
As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.
At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.
Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.
The 125GB archive is titled “Part One,” in this way creating the possibility of future leaks. A small subset of data shows the earnings of the top 10,000 Twitch users next to their usernames.
Here’s a more comprehensive list of leaked Twitch payouts (I will keep updating this thread as more things come out). pic.twitter.com/15JItvp6l4
— KnowSomething (@KnowS0mething) October 6, 2021
What Was the Reason for the Attack?
It’s quite possible for this leak to represent a direct reply to Twitch’s attitude about the importance of fending off hate raids targeting streamers.
The anonymous leaker used the #DoBetterTwitch hashtag, which was previously used on Twitter by the streamers who shared how their Twitch stream chats were flooded with harassment bots, and eventually Twitch acknowledged this issue.
Thank you to everyone who shared these difficult experiences. We were able to identify a vulnerability in our proactive filters, and have rolled out an update to close this gap and better detect hate speech in chat.