Amazon’s Twitch hit with major breach of source code, security tools, streamer payouts, and more | #emailsecurity | #phishing | #ransomware

The Amazon-owned livestreaming network Twitch has confirmed that it’s been hacked, in what one BBC analyst called “the biggest leak I have ever seen.”

Early Wednesday, an anonymous poster on the infamous 4chan message board put up a torrent that contains 125GB of what purports to be internal data from Twitch, reportedly to “foster more disruption and competition in the online video streaming space.”

At least some of the supposed Twitch data has been confirmed as legitimate, such as information about the payments received by several of Twitch’s top streamers. Video Game Chronicle, which was the first outlet to formally break the story, has sources that estimate the data in the leak could’ve been obtained as recently as Monday.

Twitch Tweeted Wednesday that “a breach has taken place,” but has yet to publicly offer further information.

“We’re currently investigating the issue and will have more to share as we have additional detail,” a Twitch spokesperson told GeekWire via email.

The information contained in the leak is surprisingly thorough, and the original poster identified the torrent as “part one.” Taken at face value, anyone who downloaded the public torrent would have access to the platform’s source code across all available platforms; Twitch’s internal security and development tools; and a commit history — a full list of changes and revisions — that reaches back to the site’s founding, years before its acquisition by Amazon in 2014.

The leak also encompasses data from related Amazon properties such as the gaming mods site CurseForge and the Internet Games Database (IDGB), as well as information regarding future projects from Amazon Game Studios. This includes the codenamed “Amazon Vapor,” a digital storefront being made as a potential competitor to Valve Software’s Steam.

A particular flashpoint of the breach on social media has been payout information, which seems to disclose how much money Twitch paid its top talent per month over the course of the last two years.

The documentation, which includes figures for xQc, shroud, Hasanabi, Pokimane, and the Dungeons & Dragons live-play show Critical Role, only lists direct payouts from Twitch itself. It does not include audience donations, sponsorship deals, or merchandise sales, but would include a streamer’s share of subscription fees and ad revenue attached to their channel.

The Twitch leak identifies Critical Role — the self-described “nerdy-ass voice actors who sit around and play Dungeons & Dragons” — as one of the single most lucrative broadcasts on the entire network. (Critical Role Image)

Some analysts have reported that the leak actually underestimates top streamers’ earnings, particularly for high-end creators who have a cash-on-the-barrelhead exclusivity deal with Twitch. Other sources, such as the BBC, have contacted streamers who confirmed that their earnings details in the leak are accurate.

Even so, Twitch is usually tight-lipped about just how much it’s paying its professional talent. Having this information out in the world could be one of the single most damaging parts of the leak, as it gives competitors like YouTube Gaming and the up-and-coming Trovo an idea of how much to offer streamers, were they to try and poach exclusives from Twitch.

The leak, at time of writing, only appears to contain internal data from Twitch itself, and doesn’t include personal data or passwords from the service’s users. Given the quantity and type of the data that is included, however, and the torrent being identified as “part one” of the leak, it’s still probably worth changing your Twitch password and enabling two-factor authentication if you haven’t done so already.

Twitch was started in 2011 as a gaming-focused spin-off from the seminal streaming website It was subsequently acquired by Amazon in 2014 for $970 million, and over the last few years, has become the biggest player in online livestreaming. While simple live-blogging (“Just Chatting“) has recently become the single most popular style of programming on the site, much of Twitch’s day-to-day content is still focused around live feeds of broadcasters playing various video games.

As per the independent analyst site StreamElements, Twitch viewers watched 1.9 billion hours of content on the site in August 2021. Its closest competitor, Facebook Gaming, “only” hit 567 million. At its most recent height, in Oct. 2020, roughly 91% of the people who are hosting livestreamed content at all are thought to be doing so via Twitch.

Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

sixty eight − sixty five =