Streaming platform Twitch was hacked and sensitive data, including the website source code, leaked as a result.
The Amazon-owned streaming platform Twitch experienced a devastating data breach early this morning. While the exact details regarding the hack are unclear, it’s alarming. Some sources have indicated that “everything” has leaked. That includes user data and passwords, streamer payouts and even some plans that Amazon and Twitch were working on behind the scenes.
Before we get to what we know so far, many of those with knowledge of the leak advise users to change their password and enable two-factor authentication (2FA). These two steps could protect you from any account compromisation on Twitch and perhaps beyond.
Twitch Data Breach
No way this is real. If true everything on twitch including source code and payouts are leaked.
Change passwords. I'm hoping addresses aren't part of this. pic.twitter.com/OrPHIvIcke
— Mutahar (@OrdinaryGamers) October 6, 2021
Video Game Chronicle first reported the hack in its entirety. It went down on 4chan, where the alleged hacker leaked 125 GB worth of data. There’s reason to believe the information is accurate. Twitch has not yet acknowledged the incident.
The leaked data list was compiled by VGC and includes the following:
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
This data breach is a nightmare on many different levels for Twitch and its employees. We’ve seen other similar incidents in time, like the infamous Sony hack that occurred in 2014. However, Twitch is experiencing a breach at the hands of hackers looking to expose the platform.
Items mentioned above include streamer payouts, some of which make well over $1M USD before taxes just from subscribers and ad revenue. Notable names atop the list have former Overwatch pro turned variety streamer Felix “xQc” Lengyel. Also on top of the list are Fortnite legends Turner “Tfue” Tenney and Nick “NICKMERCS” Kolcheff.
Another interesting tidbit of information is a product that would rival Steam, dubbed “Vapor.” The details behind this product are unclear but certainly worth keeping an eye on as the situation unfolds.
As previously mentioned, Twitch users need to protect themselves by resetting their passwords and enabling 2FA. There’s no telling what more could come of the data breach that could lead to hacked accounts on Twitch and potentially other websites.
Twitch Confirms Data Breach
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Twitch tweeted a response to the data breach and confirmed the incident occurred.
“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us,” the statement reads.
The following 24 hours will be crucial to see what Twitch ultimately finds and how it plans to navigate the unfortunate situation.
We’ll keep you updated with any additional details that come through the pipeline.
Featured Image: Twitch