2 min read

Misconfigured Server Led to Leak of Twitch Source Code and Proprietary Tools

Silviu STAHIE

October 07, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Misconfigured Server Led to Leak of Twitch Source Code and Proprietary Tools

A misconfigured Twitch server allowed unknown parties to access and steal a massive amount of data, including proprietary software, source code, details on payouts to streamers, and potentially much more.

The data contains sensitive information regarding Twitch payouts made the platform to all top streamers in the past two years. The company said no other financial information was revealed, adding that “full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

It turns out that hackers didn’t actually compromise Twitch infrastructure -- they didn’t have to. Access was provided by mistake.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” said the company. “Our teams are working with urgency to investigate the incident.”

Twitch also reset all the stream keys, which means that all streamers have to get new ones and set up the equipment accordingly.

Of course, all Twitch users wonder if their credentials were leaked as well, but the platform says there’s no indication that login credentials were exposed. All the same, changing the passwords as soon as possible is a good idea.

The 4chan anonymous user who posted details on the leaked data also gave everyone access to a 125GB archive, which the user named part 1, hinting that there’s more to come. The company quickly confirmed the breach, but said that they are still trying to determine the extent of it.

The leak information contains everything pertaining to Twitch and a good deal of data from Amazon, its parent company:

· The entirety of twitch.tv, with commit history going back to its early beginnings
· Mobile, desktop, and video game console Twitch clients
· Various proprietary SDKs and internal AWS services used by Twitch
· Every other property that Twitch owns, including IGDB and CurseForge
· An unreleased Steam competitor from Amazon Game Studios
· Twitch SOC internal red teaming tools (lol)

Since this is a developing story, more details are sure to follow.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read
Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside Dealing with Cyberbullying as Adults and Children through Communication - School Presentation Inside
Silviu STAHIE

June 30, 2022

2 min read