Twitch found its systems were compromised Tuesday by a computer hacker, who made off with hundreds of gigabytes worth of company data and leaked them onto the open web.
To complicate matters further, the anonymous hacker has hinted that there were more leaks on the way.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Twitch, the popular streaming company acquired by Amazon in 2014, acknowledged that it was breached but said that it was continuing work to understand the extent of the damage. It did not issue specific guidance for its users who could have possibly been affected, but some prominent streamers reported that the company recommended that they begin changing their passwords to protect themselves.
The anonymous hacker first made themselves known with a thread on the internet forum site 4Chan where they posted what they said was the hacked data they took from Twitch, all while openly taunting the company.
“Jeff Bezos paid $970 million for this,” the purported hacker said in a now-deleted 4Chan post. “We’re giving it away FOR FREE.”
The hacker warned that this leak was “part one,” suggesting that they may be posting more of the 125 gigabytes of data that they say they captured.
Inside the leaked data was reams of confidential company data including source code for the mobile, desktop, and video game console Twitch clients, an unreleased Steam competitor from Amazon Game Studios, and internal security tools used by the company.
Personal information like payment histories to Twitch users was among the leaked material, but absent were email accounts, passwords and personal addresses.
A former Twitch security engineer told Vice News that the security data that was exposed was not particularly sensitive and much of it was dated. He said that much of the most sensitive data in the source code he designed was moved during his time at the company, and that should limit the damage of the leak.
The hacker also provided what could be considered a hint into their motivations. In their 4Chan post, they said the point of the leak was to “foster more disruption and competition” in the Twitch community which they derided as a “disgusting toxic cesspool.”
Twitch’s culture has been criticized as being rife with hatefulness that often has sexist or racist tones. In some cases, users under assault in these “hate raids” received messages that included personal details, including their home addresses.
On Sept. 1, Twitch users staged a virtual walkout to make their displeasure felt about the abuse faced by minority and female users on the platform. The company acknowledged the #DayOffTwitch campaign and expressed both its support as well as promises to do more to combat abusive behavior in the Twitch community.