Twitch had a massive data breach the other day.
As first reported by the Video Games Chronicle, Twitch has been leaked.
That’s right – not just some of Twitch’s data. All. Of. Twitch.
What do I mean by this?
Nothing much. Just that, according to the hacker, the following information has been leaked:
- All of Twitch’s source code. Not just their current source code, but every single change in their source code, all the way from when back when Twitch was founded!
- Creator payout reports from 2019 to the present day, listing how much money different creators have made over time. Some people have cataloged creator’s payouts, so check them out if you’re curious. I didn’t realize how many Twitch streamers are millionaires! At least 81 creators have made a million dollars from Twitch alone (not including merch sales, Youtube revenue, etc.) over the past two years.
- The source code for Twitch’s mobile, desktop, and console clients.
- The hacker says, “every other property that Twitch owns including IGDB and CurseForge”. I assume this means the source code of these projects, like what happened with Twitch’s main website.
- An unreleased competitor to STEAM from Amazon Game Studios. Many sources on the internet claim that this project is called Vapor.
- Red team tools used by Twitch employees. These are the tools used by the white hat (good) hackers Twitch hires to test if their website is secure.
- Some internal resources used by Twitch (according to the hacker, “various proprietary SDKs and internal AWS services used by Twitch”).
Bear in mind that I have not personally verified this information, nor do I plan on doing this. I will be keeping up with the news and updating this post as needed to correct any false information. It seems that a number of other news sites are reporting the same information as the hacker and validating his claim, but none of the major sources I have seen claim to have verified this information personally. People on Twitter, however, who have gone through the files seem to be confirming this information to be true.
This is probably the worst case scenario for Twitch. Someone managed to make their way into their system and seems to have grabbed a hold of all of Twitch’s data. I wouldn’t be surprised if they also have access to most (if not all) Twitch users’ emails.
Twitch has acknowledged that there has been a breach, but they haven’t yet confirmed what data has been leaked. It remains to be seen what caused this lapse in security and what measures Twitch will put in place to prevent something like this from happening again.
Even crazier, though, is the fact that this post is labeled Part 1. Who knows what other data will be released soon?
All in all, this is a catastrophic data breach for Twitch. The full ramifications of this remain to be seen, but this is really, really bad. I would not want to the head of of Twitch’s security team right now.
Sources:
- Original source: The Video Games Chronicle
- Where I first heard about this: /u/carldude on Reddit
- Twitch’s response
- The Verge
- @Sinoc229 on Twitter