Twitch Suffers Massive Data Breach; Source Code and User Data Leaked [UPDATE]
UPDATE: Twitch has confirmed that the data breach happened. In a Twitter statement, the platform has both recognized the problem and is currently working on a solution
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Twitch has recently suffered a massive hack that reportedly took the website's source code as well as years of creator payouts. An anonymous 4Chan poster put out 125GB of data from the video streaming service on Wednesday. The leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.
According to VGC, a company source told them that the data that was leaked is legitimate. Not only that, but the data itself includes the source code for the streaming platform. Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday.
The leaked data from Twitch includes the following:
- The Entirety of Twitch's Source Code with Comment History
- Creator Payout Reports from 2019
- Mobile, desktop, and console Twitch Clients
- Proprietary SDKs and Internal AWS services used by Twitch
- "Every other property that Twitch owns" including iGDB and CurseForge
- An unreleased Steam competitor (ala Epic Games Store) code-named Vapor from Amazon Game Studios
- Twitch internal 'Red Teaming' tools designed to improve security by having staff pretend to be hackers (the irony is palpable)
One user on Twitter included several highlights from the Creator Payout Report. You can see them below:
The gross payouts of the top 100 highest-paid Twitch streamers from August 2019 until October 2021: pic.twitter.com/3Lj9pb2aBl
— KnowSomething (@KnowS0mething) October 6, 2021
Some other users have combed through the data and have confirmed that the torrent also includes encrypted passwords. As such, we recommend you (if you have a Twitch user account) to change your password and enable Two-Factor Authentication. That way, your account will be safe even if your password is compromised.
Additionally, it's suggested to reset your Stream key as it's been found out that Stream keys were also leaked. As such, resetting Stream Keys is the safest option at the moment for lots of users alongside the aforementioned password change and 2FA enabling.
The anonymous leaker has stated that this is just the first part of the content due to be leaked but hasn’t stated what they plan to also release as "Part 2". At the time of writing, Twitch has made no response regarding this data breach.