First reported by VGC, An anonymous hacker has apparently managed to leak the entirety of Twitch, including its source code and information regarding user payout data.
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.
Might wana change your passwords.— Sinoc (@Sinoc229) October 6, 2021
This news has come in the form of a post on the notorious message board 4Chan where a user posted a torrent link for 128GB worth of internal Twitch data including:
- The entirety of Twitch.tv including comment history
- The mobile, desktop, and video game console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- Additional properties owned by Twitch including IGDB and CurseForge
- An unreleased Steam competitor from Amazon Game Studios
- Twitch SOC internal red teaming tools
- Creator pay-out reports from 2019 onward
Twitter users that have downloaded the data have also claimed that it includes encrypted user passwords and though has yet to be verified at this time, it is recommended that you change your password and/or adding two-factor authentication to your account if you haven’t done so already. Another interesting feature of the data is the presence of Unity code for a game called Vapeworld. From what we can tell, this appears to be a chat software based on Vapor, the code name for Amazon’s unreleased Steam competitor.
UPDATE: One anonymous company source told VGC that the leaked Twitch data is legitimate, including the source code.
Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday.
— VGC (@VGC_News) October 6, 2021
According to the original poster, who may have attained the data as early as Monday, the intention of this leak was to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”, however, leaking people’s private information is the ideal way to go about this. Twitch has yet to make a statement about the leak beyond what has been mentioned to VGC thus far.
Leaking of passwords and other personal information was recently discussed by Karl and Keith on the recent episode of The Spectator Mode Podcast, where Karl mentioned that giving extra information to Twitch, which could be leaked, could cause doxxing to happen to many users of the platform. You can listen to more about that particular conversation here.
