An anonymous hacker-user, evidently upset about Twitch’s management, posted a 125GB torrent full of user data – including payment information – and the platform’s source code on 4chan.
The theft was motivated thus by the one who at the moment seems to have become Twitch’s main enemy:
[The intention is to] foster competition in the video streaming sector, [because] their community is a "disgusting toxic cesspool" - an expression that is best left in the original language, as it perfectly renders the basic idea, ed.
As a result of the news, the first checks carried out on 4chan gave positive results: the file published by the hacker contains data. Behind the scenes, an anonymous source inside Twitch whispered that the source code and the users’ payment information wouldn’t be fake.
The streaming platform of Amazon, consulted, has not yet commented on the news. Still, according to the same internal source that confirmed the veracity of the information theft, Twitch is aware of what happened and believes that the illegitimate “copy” stolen by the hacker dates back not too many days ago, probably on Monday.
What is leaked?
From what we learn, the file would include:
- The entire Twitch source code
- Receipts of payments to creators from 2019 to today
- Twitch clients for mobile, computer and console
- The proprietary SDKs and AWS services used by the platform
- “Any other property owned by Twitch”, IGDB and CurseForge included
- An unreleased Steam competitor, known internally as Vapor
- The “red teaming” tools that Twitch has designed to improve the security of the platform
Change your account details now!
According to one of the users who consulted the public database, there are also a lot of passwords inside it. The dispassionate advice, yours and ours, is to change the Twitch password and verify that two-factor authentication is enabled. A few minutes of “work” well invested waiting for an official position from Twitch, which confirms or denies a data theft that could be very heavy.
Twitch confirms the data leak
Twitch has posted a note on the official website. It provides the first information on the conditions that allowed the data to be exposed – an incorrect server configuration – and two necessary reassurances: Here comes the confirmation by Twitch of the breach date. As stated in the note posted on Twitter, ” Our teams are working urgently to understand the extent of this. We will update the community as soon as we have more information available. Thanks for the support “.