Twitch has acknowledged a “breach” after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The leak is said to have happened as a result of an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.
On the good side of things, the management has indicated that login credentials were not exposed and credit card numbers are not stored by Twitch so full credit card numbers were not exposed.
The forum user claims “the hack is designed to foster more disruption and competition in the online video streaming space” this is due to the fact that “their community is a disgusting toxic cesspool.” This was first reported by Video Games Chronicle who said Twitch was aware of the leak on October4. The attackers have said this is just one part of the leak as more could be on the way.
The Data Leak standing at 125GB is said to include the following;
The entirety of Twitch’s source code with commit history “going back to its early beginnings”
Proprietary software development kits and internal AWS services used by Twitch
An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
Information on other Twitch properties like IGDB and CurseForge
Creator revenue reports from 2019 to 2021
Mobile, desktop and console Twitch clients, and
Cache of internal “red teaming” tools designed to improve security
When a leak of internal source code occurs, it enables interested parties to search for vulnerabilities in the source code. The current data leak may not contain password related details, users are advised to change their credentials as a precautionary measure and turn on two-factor authentication for additional security.