The online entertainment streaming platform – Twitch had its sensitive data leaked publicly due to an error in server configuration!
The leaker has posted the dump in a public forum, blaming that Twitch’s community is a cesspool thus needs to be hit. The data dump consisted of Twitch’s source code, internal tools, proprietary and unreleased software, etc, but not the users’ account credentials or their card data.
Twitch Data Breach
While Twitch is open for various live streaming opportunities, many flock around the platform for games. There are millions of game streamers and hundreds of millions who watch everyday.
With this massive traffic, the platform also attracted hate speech, abuse, and other negative comments in streams, pushing top streamers to demand a better regulation. While Twitch claims to be working on this, an unknown hacker breached the platform and dumped its stolen data on a public forum.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Though this dump surfaced a couple of days back in the 4chan forum, Video Games Chronicle – the one first reported – claims that Twitch knew about the leak already since October 4th, with rumors prevailing strongly in the community, the platform finally confirmed the incident:
“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this.” Further, it reasoned the leak with “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.”
As of now, the 126GB leak repository includes;
- Twitch’s mobile, console, and desktop clients
- Twitch.tv’s entire source code
- Information about integrated services like IGDB and CurseForge
- An unreleased Steam competitor, (codenamed Vapor) from Amazon Game Studios
- Payout Information of more than 2.4 million creators from August 2019 to now.
- Proprietary software development kits and internally used red-teaming tools for handling platform security.
While there are no user-related details like account credentials or credit card data included, the dump was named Part 1, so the second part may have this information when leaked. Thus, as a matter of precaution, it’s suggested to change the account credentials and apply two-factor authentication for better security.
Other Trending News:- News