Earlier this week saw Facebook, Whatsapp, and Instagram all go down in a supposed hacking incident. However, that wasn't the only major thing to happen this Monday; apparently, Twitch was hacked, with an anonymous source posting a 125GB torrent onto 4chan today that contained user data and other sensitive information from the website. Reportedly, this data dump contains a wide variety of different things, such as the source code for Twitch, private SDKs, information about payouts that live streamers receive, clients for various platforms that Twitch is available on, and even data pertaining to other websites that Twitch owns such as IGDB and CurseForge.

Beyond that, there also appears to be an unreleased PC storefront for digital games, with the codename of Vapor, intended to compete against Steam and the Epic Games Store. As for the leaked passwords, they are reportedly encrypted. Regardless, it would be wise to change your password, or even turn on two-factor authentication for Twitch if you haven't already.

According to news outlet VGC, who broke the initial story, the following is in the torrent:

• The entirety of Twitch’s source code with comment history “going back to its early beginnings”
• Creator payout reports from 2019
• Mobile, desktop and console Twitch clients
• Proprietary SDKs and internal AWS services used by Twitch
• “Every other property that Twitch owns” including IGDB and CurseForge
• An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
• Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

According to the 4chan post, the hacker uploaded the leak in order to cause disruption and competition for Twitch, as they find the community to be toxic. While nothing else has been uploaded quite yet, the user claims that they will be leaking even more files soon in the future.

Source

 

[Plazorn]

I thought something was up.

 

[slaphappygamer]

Finally! I can login as @Chary and pretend I’m level 100.

 

[chrisrlink]

no

don't argue with Costelo it's bad for your health he IS a site admin here

 

[deinonychus71]

What's fascinating to me is how their excuse always sound so childish.

"Toxic community". EVERY community once it reaches a certain size has toxic elements. That's no excuse.

 

[the_randomizer]

Too bad it wasn't Twitter instead.

 

[kusanaginico]

Vapor is the spanish word for steam XD

 

[linuxares]

Too bad it wasn't Twitter instead.

ooof... that however would be deserving of a medal of world peace

 

[the_randomizer]

ooof... that however would be deserving of a medal of world peace

Twitter is a far more toxic platform. If you so much as disagree with someone, they verbally crucify you. Nothing of value would be lost.

 

[linuxares]

Twitter is a far more toxic platform. If you so much as disagree with someone, they verbally crucify you. Nothing of value would be lost.

Whats more Toxic? Twitter or League of Legends?
Ah yes, both exists on Twitch.

 

[ChiefReginod]

Let's just keep trusting our data to these soulless mega corps with flaccid security.

 

[FAST6191]

What's fascinating to me is how their excuse always sound so childish.

"Toxic community". EVERY community once it reaches a certain size has toxic elements. That's no excuse.

I would usually opt instead for the game makes the community; if better performance is gained by being an elitist arsehole then you will generate elitist arseholes, even from those without a particular disposition to being one, even more so if being elite requires secret knowledge or non obvious knowledge. See also the DOTA/MOBA scene where things are non obvious (people insist on having jank made because it was a mod that retooled another quite different game), a bad player will tank your team and thus rankings (which are the only things people see about you)...
As the game of twitch does not reward cooperation (literally if they are watching someone else they are not watching you and big numbers if the only way to roll both mechanically for the host and the player, and more pragmatically), will inevitably trend towards the flashy (as a great song once said "I'm in a ratings system here, and the key factor is sensationalism") or very least trendy. Wind in some further serious monetary incentives, worse still those that can speak to laziness, and it gets more fun still. This is also saying nothing about agendas and whatnot from various parties involved.

Couple that with https://knowyourmeme.com/memes/greater-internet-fuckwad-theory (though anonymity is good stuff so might be a have to take the pain scenario) and yeah.

Granted I am not sure I see a way to making it work without all that, even as a loss leader for a company but especially if it is supposed to turn a profit/vaguely break even.

 

[Jayro]

I'll never understand why they store that sensitive shit online to begin with. It's like they're just BEGGING to have it stolen.

 

[splapoon102]

https://haveibeenpwned.com/

 

[RatherSimple]

I don't care and really dislike twitch as many of you do but this is a massive breach! Now there are going to be million copycat twitch clones lmao. I also don't like they're trying pretend they're not hosting softcore porn but banning people just because they're earning too much than others. Either admit that you're now a zero-nudity chaturbate (lol) or actually do host support gaming content other than call of duty.

I'm prepping a huge bulk of popcorns for the upcoming dramas and inside jobs. I always wondered why disrespect got banned from twitch out of no where.

 

[ZeroFX]

It's the hacker 4chan at it again

 

[FAST6191]

I'll never understand why they store that sensitive shit online to begin with. It's like they're just BEGGING to have it stolen.

Most of that would be the sort of thing I expect those with access to whatever code storage to have access to.

If we are all supposed to be remote working these days and not in offices with air gapped networks and patted down for USB drives on the way out. Whether they have some valve style "everybody can work on anything" or just failed to compartmentalise I don't know.
The payouts thing has me curious, usual bet there is if this is not some kind of in through a small hole approach then someone decided to play database checker with some real data (why I imagine it is 2019 data rather than something more current) and "don't need to anonymise it", that or if it did include red team tools and such then maybe it was the prize.

Now there are going to be million copycat twitch clones lmao.

I doubt it. If the opening post is accurate then it is wound fairly tightly into Amazon's services (some of which may not even be available to the public), most generally avoid using code stolen from others and anybody that could sensibly anonymise it and make it more generalised can probably happily make a RTMP/RTSP server -- the principle is not hard, just needs a fair chunk of bandwidth.

 

[subcon959]

So, are there any risks to Amazon held credentials here?

 

[Dr_Faustus]

I would rather a youtube leak but I will take this.

+1 for wishing it was Youtube as well. I would have loved to see what is being used to screw around everyone and just have the community cannibalize the system by eternally fucking with the algorithms. If nothing else, at least the internal workings brought to light will show just how awful they are as a system.

 

[Viri]

It's like Youtube. But worse!

It used to be a website about gaming, but now it's like My Free Cams, you pay the girls, but the girls don't actually get naked.

 

[Viri]

Too bad it wasn't Twitter instead.

Nobel Peace Prize material right there.