Twitch Hack Causes Frenzy Online
After the recent Facebook outage, this week is coming to an end with Twitch being hacked. The hack has resulted in Twitch’s source code being leaked. The leak included the source code for the company’s streaming service which was to compete with Steam, amongst other things. The leak was released on 4chan by an anonymous user with a link to a 125GB torrent, which includes Twitch’s entire commit history.
According to the user that posted the torrent link on 4chan, the hack was meant to disrupt the online video streaming market. Many sources have already confirmed the leak is authentic, and it includes code as recent as this week. The news of the leak was first reported by Video Game Chronicles, and once the news of the leak became a matter of discussion on popular social media platforms, Twitch came clean about the hack.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
As for the data that has been leaked online, it includes the following information:
- Creator payouts.
- Commit history of Twitch TV from its early beginnings.
- Source code for Twitch apps on desktop, mobile, and video game consoles.
- Code for internal AWS services and proprietary SDKs employed by Twitch.
- An unreleased build for an app that was to compete with Steam.
- Data on other properties like CurseForge and IGDB.
- Internal security tools.
The data leak by the anonymous user on 4chan seems a bit more personal, with the individual referring to the platform as “a disgusting toxic cesspool.” It is also worth noting the leak was referred to as “part one,” implying there is more to come. For now, it seems as though the leak does not include usernames and passwords, and instead is more focused on Twitch’s data and tools.
Twitch may have acknowledged the hack, but it has not elaborated the extent of the damage. Twitch users are advised to change their credentials and enable 2FA authentication immediately.
While Twitch has a lot of fallout to deal with, its parent company, Amazon, may have deal with blowback as well. Amazon owns Twitch, but it also owns runs Amazon Web Services, one of the biggest cloud computing firms that have data centers catering to sensitive government and corporate information, and are even trusted by US spy agencies.
So far, Twitch has been unable to determine how a hack of such a magnitude went unnoticed. Initial tweets by Twitch suggested that data was leaked due to a change in server configuration which was accessed by an unauthorized party. According to an AWS spokesperson, this had nothing to do with AWS services, and it continues to operate as expected. Moreover, Twitch assured users that it does not store customer credit card information, and refused to comment any further.
Regardless of who was behind the Twitch hack, this incident has revealed that no one is safe online, not even on platforms like Twitch. But the real question Amazon will have to deal with it as Twitch picks up the pieces is if it should have given Twitch the attention it deserved, and how it can form a protective partnership henceforth.
For more on the Twitch hack, stay tuned with Ivacy VPN.