Game-streaming platform Twitch has confirmed that a massive data breach has taken place, with confidential company information and streamers' earnings released online this week.
More than 100GB of documents leaked by anonymous hackers appear to show source code for the company’s streaming service and payout data from Twitch's top streamers, showing each made millions of dollars from the Amazon-owned company in the past two years.
Twitch confirmed the breach on social media Wednesday (Oct. 6) and said it was "working with urgency" to understand the extent of it. In a statement posted on its Twitter account, the company said it would "update the community as soon as additional information is available".
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.— Twitch (@Twitch) October 6, 2021
Twitch's video live streaming service focuses on video game live streaming, including broadcasts of esports competitions.
According to VideoGames Chronicle, the leaked Twitch data includes:
- The entirety of Twitch’s source code with commit history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
The leak has also been labeled as “part one,” suggesting that there could be more to come.
While the leak doesn’t appear to include password or address information on Twitch users, users are advised to change their Twitch passwords just to be sure.
Those who have Twitch accounts are also advised to turn on two-factor authentication, which ensures that even if passwords are compromised, users still need a phone to prove one's identity using either SMS or an authenticator app.
To turn on two-factor identification:
- Log on to Twitch, click your avatar and choose Settings
- Go to Security and Privacy, then scroll down to the Security setting
- Choose Edit Two-Factor Authentication to see if it’s already activated. If not, follow the instructions to turn it on (you’ll need your phone)