The Verge reported on Wednesday, October 6th, 2021 that cyber villains unknow have struck again! This time targeting Twitch, an content sharing and streaming platform owned by Amazon.
The Verge had the following report, which can be found at https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
Twitch source code and creator payouts part of massive leak
The leaked data also includes a Steam competitor
Twitch appears to have been hacked, leaking source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts. An anonymous poster on the 4chan messaging board has released a 125GB torrent, which they claim includes the entirety of Twitch and its commit history.
The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.” The Verge is able to confirm that the leak is legitimate, and includes code that is as recent as this week. Video Games Chronicle first reported details on the leak earlier today.
Twitch has confirmed it has suffered a data breach, and the company says it’s “working with urgency to understand the extent of this.”
The leak includes the following:
- 3 years worth of details regarding creator payouts on Twitch.
- The entirety of twitch.tv, “with commit history going back to its early beginnings.”
- Source code for the mobile, desktop, and video game console Twitch clients.
- Code related to proprietary SDKs and internal AWS services used by Twitch.
- An unreleased Steam competitor from Amazon Game Studios.
- Data on other Twitch properties like IGDB and CurseForge.
- Twitch’s internal security tools.
The leak is labelled as “part one,” suggesting there could be more to come. Video Games Chronicle reports that Twitch is aware of the breach, but the company has not yet informed its userbase.
The leak doesn’t appear to include password or address information on Twitch users, but that doesn’t mean this information hasn’t been obtained as part of this breach. In fact, the leaker seems to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts.
While Twitch has confirmed a data breach, it’s still unclear exactly how much data has been stolen. We’d recommend changing your Twitch password and enabling two-factor authentication on your account if you haven’t done so already.
Twitch has been struggling to contain ongoing hate and harassment recently. After weeks of hate raids, some Twitch streamers took a day off in August to protest against the company’s lack of action. Twitch has responded to the #DoBetterTwitch movement, and it’s a hashtag that the anonymous poster has used today to promote this leak.
Updates on the Twitch security incident can be found on the platform’s own website at https://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/