Do you stream on Twitch or like to enjoy this type of content?
Then it’s probable that you’ve asked this question (“Has Twitch Been Hacked?”) recently.
Everyone’s talking about this leak – even those who aren’t familiar with the content platform.
But not many people do know why it happened. So, let’s get facts out now.
When and How Did Twitch Get Hacked?
Video Games Chronicle (VGC) first reported the leak. They received information about an anonymous Twitter post made on Wednesday, which linked to 125 GB 4chan torrent.
Multiple outlets (VGC, The Verge, BleepingComputer, and others) verified all the files inside, publicly available to download, are legitimate.
According to VGC, the data dump list includes Amazon-owned Twitch’s source code, among other valuable information:
- Twitch clients from mobile, desktop, and console.
- Twitch’s Internal AWS and Proprietary SDKs
- Information about “Vapor”, codenamed, unreleased Steam competitor developed by Amazon Game Studio
- Internal “red-teaming” tools
- Creator-payout reports
The latest was the main reason why so many people found out about this event.
Most content creators took the attention-grabbing controversy as a meme to attract more viewership.
Unfortunately, this probably won’t stop here. It seems like this leak is just “part one.”
James Chappell (Co-founder at Digital Shadows) explained that “user data” wasn’t included in the leaked archive, so more Twitch members’ information can be released soon.
The least you can do is to be careful about what type of info you input inside the platform.
What is known so far, is that the attackers gained access and stole the data by abusing a failure in Twitch’s server configuration.
The security team of Twitch hasn’t said much either. Only that they “are still investigating the incident to fully assess the impact of this incident.”
Our investigation is ongoing, and we are in the process of analyzing all of the relevant logs and data to assess actual impact. For an update see https://t.co/mp8wndXv03
— Twitch (@Twitch) October 7, 2021
Why Did Twitch Data Leaked?
A lot of theories came after the leak was exposed everywhere.
Some people say that this is was a commercial attack. But if we follow the clues, like the post originally published on 4chan, we discover that whoever’s responsible hates what’s going on the platform.
More specifically, this was an attempt to “foster more disruption and competition in the online-video streaming space,” because “their community is a disgusting toxic cesspool.”
Even Twitch acknowledges this problem. That’s why they keep looking for ways to get rid of“botting, hate raids and other forms of harassment targeting marginalized creators.”
We’ve seen a lot of conversation about botting, hate raids, and other forms of harassment targeting marginalized creators. You’re asking us to do better, and we know we need to do more to address these issues. That includes an open and ongoing dialogue about creator safety.
— Twitch (@Twitch) August 11, 2021
Luckily, for now, it doesn’t seem that addresses or banking information was leaked this time. But still poses a security risk, because vulnerabilities in the source can be exploited by cybercrime groups.
You might be wondering… Does this affect you at all?
It does, in two ways:
- You’re a Twitch user and don’t want your personal information to get leaked.It’s advised that you follow the procedures to change your login credentials, and turn on two-factor authentication before watching or starting the next stream.
After all, hackers can use this data for phishing attacks in the future.
If you have the gut feeling that this is happening already, then be aware of emails, text messages, phone calls, or even letters coming from “Twitch” or related services.
- You trust your current digital infrastructure and assure it’s impenetrable.Well, I don’t want to be a fun sponge, but this is not possible.There’s no such thing as 100% safe cybersecurity… But you can get close with the help of experts.
Would you like to know if there’s a vulnerability in your business’ online assets?