Misconfigured Server Led to Leak of Twitch Source Code and Proprietary Tools
A misconfigured Twitch server allowed unknown parties to access and steal a massive amount of data, including proprietary software, source code, details on payouts to streamers, and potentially much more.
The data contains sensitive information regarding Twitch payouts made the platform to all top streamers in the past two years. The company said no other financial information was revealed, adding that “full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”
It turns out that hackers didn’t actually compromise Twitch infrastructure -- they didn’t have to. Access was provided by mistake.
“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” said the company. “Our teams are working with urgency to investigate the incident.”
Twitch also reset all the stream keys, which means that all streamers have to get new ones and set up the equipment accordingly.
Of course, all Twitch users wonder if their credentials were leaked as well, but the platform says there’s no indication that login credentials were exposed. All the same, changing the passwords as soon as possible is a good idea.
The 4chan anonymous user who posted details on the leaked data also gave everyone access to a 125GB archive, which the user named part 1, hinting that there’s more to come. The company quickly confirmed the breach, but said that they are still trying to determine the extent of it.
The leak information contains everything pertaining to Twitch and a good deal of data from Amazon, its parent company:
· The entirety of twitch.tv, with commit history going back to its early beginnings
· Mobile, desktop, and video game console Twitch clients
· Various proprietary SDKs and internal AWS services used by Twitch
· Every other property that Twitch owns, including IGDB and CurseForge
· An unreleased Steam competitor from Amazon Game Studios
· Twitch SOC internal red teaming tools (lol)
Since this is a developing story, more details are sure to follow.
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside
June 28, 2022
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online
June 28, 2022
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021
June 22, 2022
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022