Infosec Experts: Twitch Breach “As Bad as it Gets”
Gaming and content streaming giant Twitch has confirmed a breach has taken place at the firm, after reports claimed a hacktivist leaked its entire source code, creator info and internal data.
A brief statement from the Amazon-owned firm, posted yesterday afternoon, said: “Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”
That came after Video Games Chronicle first reported that an anonymous 4Chan user posted a 125GB torrent link to the site containing the data dump. Sources told the site it could have been taken as recently as Monday.
Leaked data reportedly includes all of the firm’s source code; mobile, desktop and console clients; proprietary SDKs and internal AWS services; and “every other property” it owns, including IGDB, CurseForge and an unreleased Steam competitor, dubbed “Vapor.”
Also leaked were red teaming tools used by the firm’s SecOps function and, perhaps most embarrassing, sensitive information on how much it paid its most popular streamers back in 2019 — which reached millions of dollars for some.
It appears the hacker may have been