Twitch Data Breach Could Be ‘Potentially Disastrous’

Twitch, the live-video site popular with gamers, said on Wednesday that it had endured a data breach that security researchers believe may have provided sweeping insight into the platform’s computer code, security vulnerabilities and payments to its content creators.

Twitch, which is owned by Amazon, confirmed that it had been breached hours after a user posted what the user claimed was an enormous trove of Twitch data onto the anonymous message board website 4chan. The user said the 128 gigabyte file was only the first part of the leak.

The user said the file contained, among other items, the history of Twitch’s source code; proprietary software development kits; an unreleased competitor to Steam, an online games store; programs Twitch was using to test its own security vulnerabilities; and a list of the amount of money that each of the site’s streamers has earned since 2019.

“Find out how much your favorite streamer is really making!” the user posted. “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE.”

Twitch did not respond to a request for comment about details of the breach. “Our teams are working with urgency to understand the extent of this,” the company wrote on Twitter. “We will update the community as soon as additional information is available.”

Ekram Ahmed, a spokesman for Check Point, a cybersecurity company, said it was the company’s “strong suspicion” that Twitch’s code had truly been leaked, which was “potentially disastrous.”

“It opens a gigantic door for evildoers to find cracks in the system, lace malware and potentially steal sensitive information,” he said.

The incident sent Twitch’s community of streamers into a panic.

Kaitlyn Siragusa, known to her 4.4 million followers as Amouranth, said in a text message that it was “quite shocking so much information could be breached.” Saqib Zahid, who streams to his 2.8 million followers as Lirik, said in a Twitter direct message that the incident was “frustrating,” but he was “not surprised.” Natalia Mogollon, known as Alinity online, said via a Twitter direct message that her reaction was “disappointment.”

And Félix Lengyel, one of the top earners and most notable personalities on the platform, simply tweeted in all-caps: “HEY @TWITCH EXPLAIN?”

According to the list of earnings, which could not be independently verified, some notable personalities had made millions of dollars since 2019. Some streamers confirmed their numbers were accurate — though others disputed the figures.

“All data in there on me is 100% true in terms of payout value info,” tweeted Scott Hellyer, a streamer who goes by tehMorag. “This is real and will impact people for years.”

Another streamer, Hasan Piker, anticipated people getting angry about the amount of money the list said he had made.

The 4chan user included the hashtag #DoBetterTwitch, a variation of the hashtag #TwitchDoBetter that has been used in recent months by members of the Twitch community after the proliferation of so-called hate raids, in which users bombard streamers, particularly women and people of color, with abusive and offensive messages.

Independent cybersecurity researchers said they were analyzing the data and combing the so-called dark web in order to figure out what had happened.

“Twitch leak is real. Includes significant amount of personal data,” tweeted Kevin Beaumont, a cybersecurity researcher. “If the people involved truly want to fight toxicity in gaming, they might want to look into a mirror as that kind of leak is toxic behavior.”

source: nytimes.com