Earlier this week saw Facebook, Whatsapp, and Instagram all go down in a supposed hacking incident. However, that wasn't the only major thing to happen this Monday; apparently, Twitch was hacked, with an anonymous source posting a 125GB torrent onto 4chan today that contained user data and other sensitive information from the website. Reportedly, this data dump contains a wide variety of different things, such as the source code for Twitch, private SDKs, information about payouts that live streamers receive, clients for various platforms that Twitch is available on, and even data pertaining to other websites that Twitch owns such as IGDB and CurseForge.

Beyond that, there also appears to be an unreleased PC storefront for digital games, with the codename of Vapor, intended to compete against Steam and the Epic Games Store. As for the leaked passwords, they are reportedly encrypted. Regardless, it would be wise to change your password, or even turn on two-factor authentication for Twitch if you haven't already.

According to news outlet VGC, who broke the initial story, the following is in the torrent:

• The entirety of Twitch’s source code with comment history “going back to its early beginnings”
• Creator payout reports from 2019
• Mobile, desktop and console Twitch clients
• Proprietary SDKs and internal AWS services used by Twitch
• “Every other property that Twitch owns” including IGDB and CurseForge
• An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
• Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

According to the 4chan post, the hacker uploaded the leak in order to cause disruption and competition for Twitch, as they find the community to be toxic. While nothing else has been uploaded quite yet, the user claims that they will be leaking even more files soon in the future.

Source

 

[Julie_Pilgrim]

oh neat
*remembers i used my twitch password for some other services*
oh FUCK
(before any of you try it i changed my passwords)

 

[ChiefReginod]

This is a good time to remind everyone to use a different password for each and every account you have. We're at a point where even the mega corps can be pwned. I wouldn't even trust a Google or Microsoft account to be secure. The best we can do is to isolate them from our other accounts and activities as much as is possible.

 

[FAST6191]

We're at a point where even the mega corps can be pwned.

Have they stopped having tissue thin security since they were the only ones that could afford to play?

 

[ChiefReginod]

Have they stopped having tissue thin security since they were the only ones that could afford to play?

Either that or they've just gotten so big it's impossible to secure every potential entry point. I believe the term "tripping over your own dick" could be fitting here.