On October 6, an anonymous hacker leaked a 125 GB cache of data that contains Twitch’s source code among many other things on 4chan, according to news site Video Game Chronicles (VGC).
Twitch confirmed that the leak is indeed real and is currently working on figuring out the extent of the breach as well as fixing it. It’s unknown what the full extent of the leak is beyond the aforementioned 125 GB, but it’s still recommended that Twitch users change their passwords and enable two-factor authentication.
Massive Twitch Hack
The hacker posted a message on 4chan with a link to the 125 GB torrent, which they claim has the entirety of Twitch and its commit history.
The leaked data reportedly has the following:
- Twitch’s source code with its commit history going back to the site’s beginnings
- Creator payout reports from 2019 until now
- Mobile, desktop, and video game console clients
- Proprietary SDKs and internal AWS services used by Twitch
- An unreleased Steam competitor called Vapor from Amazon
- Some of Twitch’s properties like CurseForge
- Some of Twitch’s internal security tools
According to the same post, this is only part one. It’s unknown just how much data the hacker or hackers got their hands on and when the next leak will be.
Leaking Company Secrets
Some Twitter users have started to comb through the data cache and one claims that the leak also includes encrypted passwords and recommends people enable two-factor authentication or 2FA. This can be turned on by going to Settings in your Twitch accounts and going to Security and Privacy.
They're called gray hat hackers, they've been around for years.
— 💜⛓️Cofii_Chan⛓️💜- ENVtuber (@ChanCofii) October 6, 2021
Beyond some encrypted passwords, things like addresses, email accounts, and other forms of personal information have not been leaked. Whoever this person is, it appears that they focused on sharing company tools and information rather than personal accounts.
On that 4chan post, the hacker calls the Twitch community a “disgusting toxic cesspool” and wants to create more disruption and competition in video game streaming.
With this hack, Twitch’s long list of problems continues. In recent times, Twitch has come under fire from creators and users for not taking action against hate raids and the harassment that members of the community have been subjected to.
It has gotten so bad that some streamers took the day off in August to protest Twitch’s lack of action and created the #DoBetterTwitch movement to get it into the public eye.
End hate raids.
Add protections for marginalized creators.#TwitchDoBetter
— Raven is The Devil 😈 (@RekItRaven) August 7, 2021
Twitch has implemented new tools to combat hate raids, from new verification tools to chat filters. The company has even gone so far as to sue two users who are thought to be the originators of hate raids.
Interestingly enough, the same #DoBetterTwitch hashtag made its way onto the hacker’s 4chan manifesto, seemingly as a protest to the company’s recent inaction. One security expert even called the hack the “biggest leak [he has] ever seen” since the most valuable of Twitch’s data got cleaned out.
Twitch Streamers Respond
Response by creators is about what many would suspect. Some streamers were mildly surprised and even made jokes about it, while others like Nick Polom said on stream that he feels violated by the leak.
Twitch, I am live right now being relentlessly SHIT ON by my community for being "poor"
— Nmplol (137) (@nmplol) October 6, 2021
Regardless, the leak will have untold consequences for Twitch and its streamers, many of whom make a shaky living on the site. Streamers already have to deal with living under public scrutiny but this leak increases the severity of the privacy issue even more.