Twitch Confirms Major Data Leak, But Passwords Safe
UPDATE 15/10/21: Twitch has issued an additional statement concerning the recent data leak, affirming that passwords have remained unscathed.
“Just as we previously stated, the incident stemmed from a server configuration alteration that enabled unauthorized access by a third party. Our team promptly took measures to rectify the configuration problem and safeguard our systems,” it declares.
“Twitch passwords have not been compromised. We are also certain that the systems storing Twitch login credentials, which are encrypted with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank details.
“The exposed data primarily encompassed documents from Twitch’s source code repository, along with a subset of creator payout data. We have conducted a comprehensive examination of the information contained in the exposed files and are confident that it only affected a minuscule portion of users, with the customer impact being negligible. We are directly contacting those who have been impacted.
“We take our obligation to protect your data with the utmost seriousness. We have taken steps to further fortify our service, and we offer our apologies to our community.”
We have an update for the community regarding last week’s security incident. Please visit the Twitch blog for more information https://t.co/DatpHD4Bja
— Twitch (@Twitch) October 15, 2021
To see this content please enable targeting cookies. Manage cookie settings
ORIGINAL STORY 07/10/21: In the wake of a significant leak of its source code, Twitch has provided more detailed comments via a new blog post, confirming that “some data” had been exposed, although there was “no indication” that login particulars had been leaked.
This post follows an initial tweet from the Amazon-owned streaming platform, as previously reported.
The Twitch source code was leaked by an anonymous hacker on 4chan, with the intention of “fostering more disruption and competition in the online video streaming arena”. The data includes streamer revenue reports and an unreleased Steam competitor from Amazon Game Studios.
“We have discovered that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working urgently to investigate the incident,” the Twitch blog post reads.
“As the investigation is underway, we are still in the process of comprehending the impact in detail. We understand that this situation raises concerns, and we wish to address some of them here while our investigation continues.
“At this point, we have no evidence that login credentials have been exposed. We are continuing to investigate.
“Furthermore, Twitch does not store full credit card numbers, so they were not exposed.”
The company has also directly emailed streamers to notify them that stream keys have been reset and that, depending on the software used, streamers might need to update the software with the new key.
Streamers have also been advising one another to change Twitch passwords and activate two-factor authentication.
If you’ve changed your Twitch password as a result of the data breach, be aware that this also disconnects any connected apps like OBS.
If you’re missing your Twitch chat and other docks, you will need to reconnect your account under Settings / Stream.
— OBS (@OBSProject) October 6, 2021
To see this content please enable targeting cookies. Manage cookie settings
Cybersecurity experts have cautioned about the potentially severe consequences of the leak.
As shared by PC Gamer, the founder and CEO of ThreatModeler, Archie Agarwal, told the Threatpost blog, “This is as bad as it could get.
“The first question on everyone’s mind must be: How on earth did someone extract 125GB of the most sensitive data imaginable without triggering a single alarm?” he stated. “There are going to be some very tough questions asked internally.”
BBC cyber reporter Joe Tidy said: “And if it is all confirmed, it will be the largest leak I have ever witnessed – an entire company’s most valuable data wiped out in one go.”
He added that the aftermath of the attack could be substantial when YouTube Gaming has already lured some of Twitch’s top streamers with the promise of large contracts.
The release of top streamer revenue also brings into question the lack of diversity among the highest earners. There is a rich diversity among Twitch streamers, but when white men dominate the earnings figures, it suggests a deficiency in the discoverability and visibility of diverse communities – something that marginalized streamers have been advocating against with #TwitchDoBetter.
And with issues like the hot tub meta earlier this year, where male streamers complained about their viewers being stolen, the release of these figures proves that this claim is simply not true.
At the top of the leaked earnings list is Critical Role, a TTRPG company that champions diversity. If anything, this merely proves the power of having an inclusive environment on Twitch.
All of this comes as no great surprise to marginalized streamers. “All that energy we expend whining and crying about how women were ‘making a dangerous precedent’ amidst incels shouting ‘titty streamers’ and they’re not even in the same category for payouts,” Twitch streamer PleasantlyTwstd said on Twitter. “Find the Black person on [the top earnings list] while you’re at it.”
Everyone after the Twitch leak: “Wow it seems like mostly white men creators who make the most money in gaming, that doesn’t seem balanced..”
Us: pic.twitter.com/Djn07UtN4B
— Black Girl Gamers (@blackgirlgamers) October 6, 2021
To see this content please enable targeting cookies. Manage cookie settings
Some of y’all are paying a bit too much attention to how much money the top Twitch streamers make, and not enough attention to marginalized creators who struggle to grow simply because of their identity, in my opinion
— Jeff Brutlag ️ (@jeffbrutlag) October 6, 2021
To see this content please enable targeting cookies. Manage cookie settings
Other streamers have pointed out the 50-50 revenue split Twitch takes on streamer earnings, which further emphasizes the amount of money Twitch itself earns from its streamers.
The leaked Twitch payouts should truly be an eye-opener and a topic for discussion about the exploitation Twitch inflicts on its creators. Taking 50% of the majority’s pay is outrageous, and we don’t make nearly as much as viewers assume we do.
— 𝔡𝔞𝔫𝔦 (@motherrmoon) October 6, 2021
To see this content please enable targeting cookies. Manage cookie settings
