Popular streaming platform Twitch confirmed on Twitter that it suffered a data breach.
The Amazon-owned service says its “teams are working with urgency to understand the extent of this.”
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Hackers accessed Twitch’s source code and published over 125GB of data online from Twitch and related services.
The data includes the source code for Twitch and an unreleased Steam competitor from Twitch’s parent company, Amazon. The leaked information also included three years’ worth of payouts to Twitch creators. Further, the massive leak was labelled ‘part one,’ suggesting more data could come in the future.
The person who posted the leak claims it’s meant to “foster more disruption and competition in the online video streaming space” and called the Twitch community “a disgusting toxic cesspool.”
It’s worth noting that Twitch has recently struggled to deal with ‘hate raids.’ Creators took a day off last month to protest and bring attention to the increased harassment and hate raids plaguing the platform. Considering the comment about Twitch’s community, it’s possible the attack could be related to the ongoing harassment issue.
Although the leak doesn’t appear to include passwords or address information for users, that doesn’t mean hackers didn’t obtain that information in the breach. If you use Twitch, you should probably update your password and add two-factor authentication (2FA).
The leak includes the following information:
- Three years of Twitch creator payouts
- The entirety of twitch.tv, including “commit history going back to its early beginnings”
- Source code for the mobile, desktop and video game console Twitch clients
- Code from proprietary SDKs and internal Amazon Web Services (AWS) used by Twitch
- An unreleased Steam competitor from Amazon Game Studios
- Data on related Twitch properties like IGDB and CurseForge
- Twitch’s internal security tools
Ultimately, it appears hackers targeted Twitch and its system rather than users. But again, this is also allegedly the first part of a larger leak. It also remains unclear how hackers gained access to so much Twitch data and whether they exploited a larger flaw in AWS. If so, that could pose significant problems since AWS powers such a larger amount of the internet.