Twitch has been at the receiving end of a giant hack that revealed 125GB of data. There is plenty of information in the hack, including creator payouts, a potential Steam competitor, and even the streaming service’s source code.
Update, 10/6/21 12:03 PM Eastern: Twitch posted on Twitter and acknowledged the hack, although it did not go into details.
We can confirm that a breach has occurred. Our teams work with urgency to understand the extent of this. We will update the community as soon as more information is available. Thank you for carrying with us.
– Twitch (@Twitch) October 6, 2021
Video Games Chronicle first discovered the hack, which was aired as a 125GB torrent on 4chan. The hackers claim that it contains the entire Twitch and its commitment history.
In total, the leak contains:
- Three years of data on payment by creators
- Entire Twitch.tv, “with commitment history back to its early beginnings.”
- Twitch source code for mobile, desktop and video game console apps
- Code involving SDKs and internal AWS services used by Twitch
- An as yet unreleased Steam competitor from Amazon Game Studios
- Data regarding other Twitch-owned properties such as IGDB and CurseForge
- Twitch’s “red teaming” security tools
What is not clear is whether the leak contains sensitive data about common Twitch users, such as passwords, addresses, names, and so on. According to the Video Games Chronicle, users on Twitter who claim to have reviewed the massive 125 GB torrent found user data but it has not been verified yet.
It is possible that the hack contained individual user information that was not included in the leak, as it appears to be targeting Twitch as a whole more than individual users.
That said, this leak is also called “part one”, which means there may be more leaks in the future that may contain verifiable user data. It is recommended to use 2FA on your Twitch account to ensure that it is locked and secure.
What should Twitch do?
For its part, Twitch has been quiet about the matter, so we’ll have to wait and see how Amazon-owned streaming service responds to the leak. We would expect to hear something shortly, but we assume the company is doing internal research to uncover exactly what happened to this hack before addressing anything.