An anonymous hacker-user, evidently upset about Twitch’s management, posted a 125GB torrent full of user data – including payment information – and the platform’s source code on 4chan.

The theft was motivated thus by the one who at the moment seems to have become Twitch’s main enemy:

[The intention is to] foster competition in the video streaming sector, [because] their community is a "disgusting toxic cesspool" - an expression that is best left in the original language, as it perfectly renders the basic idea, ed.

As a result of the news, the first checks carried out on 4chan gave positive results: the file published by the hacker contains data. Behind the scenes, an anonymous source inside Twitch whispered that the source code and the users’ payment information wouldn’t be fake.

The streaming platform of Amazon, consulted, has not yet commented on the news. Still, according to the same internal source that confirmed the veracity of the information theft, Twitch is aware of what happened and believes that the illegitimate “copy” stolen by the hacker dates back not too many days ago, probably on Monday.

What is leaked?

From what we learn, the file would include:

The entire Twitch source code
Receipts of payments to creators from 2019 to today
Twitch clients for mobile, computer and console
The proprietary SDKs and AWS services used by the platform
“Any other property owned by Twitch”, IGDB and CurseForge included
An unreleased Steam competitor, known internally as Vapor
The “red teaming” tools that Twitch has designed to improve the security of the platform

Change your account details now!

According to one of the users who consulted the public database, there are also a lot of passwords inside it. The dispassionate advice, yours and ours, is to change the Twitch password and verify that two-factor authentication is enabled. A few minutes of “work” well invested waiting for an official position from Twitch, which confirms or denies a data theft that could be very heavy.

https://t.co/O90P42p0fZ got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, payouts, encrypted passwords, that kinda thing.
Might wanna change your passwords.#Twitch
— Fahad Khan (@MrFahadKhan) October 8, 2021

Twitch confirms the data leak

Twitch has posted a note on the official website. It provides the first information on the conditions that allowed the data to be exposed – an incorrect server configuration – and two necessary reassurances: Here comes the confirmation by Twitch of the breach date. As stated in the note posted on Twitter, ” Our teams are working urgently to understand the extent of this. We will update the community as soon as we have more information available. Thanks for the support “.

We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021

Tags: Leak Security Twitch