2 min read

Misconfigured Server Led to Leak of Twitch Source Code and Proprietary Tools

Silviu STAHIE

October 07, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Misconfigured Server Led to Leak of Twitch Source Code and Proprietary Tools

A misconfigured Twitch server allowed unknown parties to access and steal a massive amount of data, including proprietary software, source code, details on payouts to streamers, and potentially much more.

The data contains sensitive information regarding Twitch payouts made the platform to all top streamers in the past two years. The company said no other financial information was revealed, adding that “full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

It turns out that hackers didn’t actually compromise Twitch infrastructure -- they didn’t have to. Access was provided by mistake.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” said the company. “Our teams are working with urgency to investigate the incident.”

Twitch also reset all the stream keys, which means that all streamers have to get new ones and set up the equipment accordingly.

Of course, all Twitch users wonder if their credentials were leaked as well, but the platform says there’s no indication that login credentials were exposed. All the same, changing the passwords as soon as possible is a good idea.

The 4chan anonymous user who posted details on the leaked data also gave everyone access to a 125GB archive, which the user named part 1, hinting that there’s more to come. The company quickly confirmed the breach, but said that they are still trying to determine the extent of it.

The leak information contains everything pertaining to Twitch and a good deal of data from Amazon, its parent company:

· The entirety of twitch.tv, with commit history going back to its early beginnings
· Mobile, desktop, and video game console Twitch clients
· Various proprietary SDKs and internal AWS services used by Twitch
· Every other property that Twitch owns, including IGDB and CurseForge
· An unreleased Steam competitor from Amazon Game Studios
· Twitch SOC internal red teaming tools (lol)

Since this is a developing story, more details are sure to follow.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Data of 500,000 already vulnerable people stolen from Red Cross Data of 500,000 already vulnerable people stolen from Red Cross
Radu CRAHMALIUC

January 20, 2022

1 min read
Printing Giant RR Donnelley Forced into Talks with Conti Ransomware Group to Stave Off Corporate Data Leak Printing Giant RR Donnelley Forced into Talks with Conti Ransomware Group to Stave Off Corporate Data Leak
Filip TRUȚĂ

January 20, 2022

1 min read
Top Five Security Tips for Mac Users in 2022 Top Five Security Tips for Mac Users in 2022
Filip TRUȚĂ

January 19, 2022

4 min read