Twitch suffers massive data breach as a hacker gets away with source code and streamer payout details

    
71

Twitch is having a very bad day today as a hacker has managed to hack and release 125GB worth of data, which has since been shared in a torrent link on 4chan. Multiple sources have verified the files in question are legitimate, with the hack being described as effectively sharing the entirety of Twitch’s information.

Among the details in the hack are the entirety of Twitch’s source code including comment history from the site’s very early days, creator payout reports from 2019, mobile, desktop, and console Twitch clients, and proprietary SDKs and internal AWS services used by Twitch among other things. The hack also has details about an unreleased Steam competitor from Amazon Game Studios codenamed Vapor, which was planned to have some integration with Twitch in its own unique storefront.

The leak also reportedly has encrypted password data, so users of Twitch are strongly recommended to switch their passwords and use two-factor authentication.

The leaker responsible for sharing the file dump says the attack was done to “foster more disruption and competition in the online video streaming space” because “[Twitch’s] community is a disgusting toxic cesspool.” The leaker also claims that this is just the first part of content due to be leaked, though this person hasn’t indicated what else is planned to be shared.

source: Video Games Chronicle via The Verge, thanks to Anon for the tip!
Advertisement

No posts to display

71
LEAVE A COMMENT

Please Login to comment
  Subscribe  
newest oldest most liked
Subscribe to:
Reader
SmiteDoctor

Reader
Bruno Brito

I’m happy for Zack for being able to make so much money which is enough to give his parents a LOT of comfort in the last years of their lives, but man, am i not interested in hearing a millionaire’s take on life, even if he was poor once.

Reader
SmiteDoctor

He still lives that way though, it’s not like he moved into a mansion and bought a bunch of Lambos like Dr Disrespect.

Reader
Bruno Brito

I’m aware. Still, he can give his parents comfort and pay hospital bills, and maybe that’s enough for them. Doesn’t change the fact that i really can’t give a shit for what someone with 2 million dollars security has to say.

I’m not criticizing Zack for who he is or not. I don’t know him. He became successful and i’m happy for it. But he already lives on a way different world than both me and you, and i really don’t care for what he has to say about it anymore.

Reader
Arktouros

I really liked his point on the impact of this scenario largely being that people who make like 40k a year realizing they’re throwing money at people who make 800k or millions a year in payouts just from Twitch probably feeling a bit more dumb about it.

Reader
Kickstarter Donor
Patreon Donor
Loyal Patron
Ashfyn Ninegold

“A fool and his money are soon parted.”

Reader
Arktouros

Yea earlier I did a review of the amount I was spending on subs and such here and there and ended up just folding it all into a Twitch Turbo plan instead. Works better over all as it removes ads from everyone which is all that honestly matters for me and now I’m just supporting the trillion dollar corporation instead of the million dollar streamers looool

Reader
Schmidt.Capela

One extra bit to remember: if you use the same password on both Twitch and some other site, remember to change the password on the other site too.

Whenever account data that includes passwords is released one of the first thing hackers (and script kiddies) do is to test those login/email/password tuples on just about every other site, as well as cross-referencing that data with other past leaks to find other logins and emails to try. So, if any password you reused was part of a data leak, assume all your accounts with the same password are compromised and act accordingly.

Also, the fact the passwords are encrypted is only of help if your password was rated as strong. If it was something weak such as, say, a dictionary word, assume it will be cracked in seconds.

PlasmaJohn
Reader
Patreon Donor
Loyal Patron
PlasmaJohn

Hopefully when they say “encrypted” (reversible with key) they actually mean “hashed” (must be brute forced). Keys are just another piece of data that can be leaked.

Reader
Schmidt.Capela

Yep, it’s likely hashed (and salted). That is standard for even small systems, and has been for… at least a couple decades? I seem to remember hashed passwords already being the default when installing Debian last millennium. For people with training in system administration it takes a special kind of fool to store passwords any less securely in this day and age.

Even a hashed password can still be broken very quickly if it’s a weak one, though. A GTX3090 is able to brute-force about 4.5 billion zip-file passwords per second, for example, which means it should be able to brute-force any 8-letters password that only uses lowercase letters in less than a minute.

Reader
Kickstarter Donor
Darthbawl

Pretty sure this is how Twitch is feeling right now LOL.

c87426ca532e32b4a8cb8767f06b2dd9.jpg
Reader
Castagere Shaikura

I think I’m safe because I only watch a couple of streams I like once in a while MOP being one and I never gave cc info and I don’t use my real name.

Reader
SmiteDoctor

I may have never linked my Debit Card with Twitch, however how the fck do we not know if our Amazon financial info wasn’t leaked, you know since Twitch is part of Amazon FFS!

EmberStar
Reader
EmberStar

Change your Twitch password, your Amazon password, and your Amazon gaming password. Go through Twitch and make sure you don’t have a saved credit card on file. Remember that the hacker is doing this for “social justice!” and then hope that they get a parasite infestation that makes their genitals explode.

Reader
SmiteDoctor

It’s on my wife’s account, Twitch is under my email, I’m probably fine

Reader
soup4000

that doesn’t really make sense. if one of amazon’s servers is compromised, doesn’t mean the next one is. that’s not how it works

i guess i should be closing my capitalOne account because they run on AWS too. it’s all connected. anything they touch is also compromised, apparently

Reader
SmiteDoctor

Twitch is owned by Amazon though.

Reader
Kickstarter Donor
Greaterdivinity

encrypted password data

Phew, with the authenticator and nothing personal on the account (never saved my CC for when I’d donate to some streamers) I’m not so concerned.

But holy shit, Twitch’s bad year keeps getting worse and worse. I usually don’t care much about BRAND, and Twitch even less than your average BRAND, especially given much of the reporting on how they run the business and their continued painfully unclear and unevenly enforced policies. But like…I think I feel bad for the company now, not just the poor folks who have to deal with the brunt of every controversy and protest.

WayTooLateTV
Reader
Kickstarter Donor
Patreon Donor
Loyal Patron
WayTooLateTV

I guess hunter2 wasn’t good enough. The era of hutner2 begins!

Turing fail
Reader
Patreon Donor
Turing fail

Thanks for the heads-up, Chris; password changed.

Leo
Reader
Leo

I guess someone at twitch opened the ‘hot singles in your area’ e-mail

Reader
Josh

Ah yes, because when I think social justice my mind immediately goes to fucking 4Chan.

“This community is a cesspool so I shared its info with an even bigger cesspool”

Reader
Utakata

…Yeah, I guess I wasn’t the only who caught that. Which makes me think the leaker’s sincerity has been entirely fabricated here.