Twitch is an American video live streaming service that centres around video game live streaming, including broadcasts of esports competitions. In addition, it allows music broadcasts, creative content, and real-life streams.
It is operated by Twitch Interactive, which is a subsidiary of Amazon.com, Inc. It was launched in June 2011 as a successor to Justin.tv and offers content that can be viewed either live or via video-on-demand.
On October 6, 2021, an unknown poster on 4chan distributed 135 gigabytes of internal data stolen from Twitch. The data even includes exactly how much money the platform’s biggest streamers make on Twitch.
Twitch even confirmed the breach in an official Tweet.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
On Wednesday, the poster distributed a link to a torrent of 135 GB, calling it “an extremely poggers leak”, which supposedly holds the source code for all Twitch clients for different operating systems, an unreleased Steam competitor, and internal tools that Twitch’s security team uses.
Scott Hellyer, one of the streamers whose data was present in the leak, told Motherboard:
“I really hope that no major personal info (Full names, emails, address, phone number, banking info) gets out in the rumoured next part of the leak,” he said. “People are going to be harassed for this info as it now fully confirms what some sites have been trying to figure out through bots scanning channels. Real dollar values will push people to think differently about who they watch if it can’t be discussed/disclosed, unfortunately.”
I don't know Twitch anymore man
Their site has been zipped up and is out in the wild for all to see – This is the first of multiple dumps
CHANGE YOUR PASSWORD ON SITES THAT USE THE SAME PASS ON TWITCH
Please don't harass any staff
This is going to be a bumpy week for everyone… https://t.co/QWgIDe4XIc
— Scott Hellyer (@tehMorag) October 6, 2021
Hasan Piker, who is one of the platform’s biggest streamers, immediately tweeted:
just woke up to some fun news. can't wait for ppl to be mad at me about my publicly available sub count again.
— hasanabi (@hasanthehun) October 6, 2021
Rachel Tobac, CEO of SocialProof Security, told Motherboard:
Streamers already have an elevated threat model because they’re in the public eye and deal with harassment and cyber threats constantly (like SIM swaps, swatting attacks, unwanted food deliveries, etc). Leaking the personal earning details for these streamers, unfortunately, increases their threat model even more. Cybercriminals often target individuals with definitive high net worth — now that this Twitch payout data is public, scammers may attempt to perform account takeovers on Twitch streamers' financial services accounts and steal that money.
In other words, this Twitch hack and leak may be worse for streamers and content creators than for the company itself. So, as several cybersecurity experts are suggesting, streamers should lock down their financial services.
In addition, they should give PayPal and their bank accounts a robust and different password, and upgrade their multi-factor authentication to the most powerful form available.
Although no personal data has surfaced on the black market yet, we hope this incident is not as grave as the recent T-Mobile data breach and attack on AT&T.