[Update 8:55am PT: Twitch has confirmed the leak took place this morning, via a statement on Twitter.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
"We can confirm a break has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us," the statement reads.
It's a good idea to get those passwords changed as well as set up 2FA on your account, as we recommend below. ]
Original Story Follows:
It's a good idea to change your Twitch passwords and set up two-factor authorization, since there are reports that a huge 125GB leaked torrent of Twitch data posted to 4chan today, is full of a variety of potentially sensitive information, from encrypted passwords, security tool info, the Twitch source code itself, to payout records to streamers.
The leak was reported on by VGC, which noted that files had begun circulating, with some being able to verify at least some of the data as legitimate. VGC reports that the data files include:
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
The scope of this leak is serious, and the uploader notes a motive as retaliation of sorts, because “their community is a disgusting toxic cesspool”. Twitch is no stranger to controversies and difficulties. Just recently, there have been requests and even a protest day due to the rise in "hate raids". However, with the data breach here including a ton of proprietary and even development data, there is some that will be less applicable or damaging to the general public right now, but there is still some risk if you’re a Twitch user.
The uploader also noted that more leaks would be coming, but given the size and scope of this one, it's hard to know what's left. Still, a security breach is one of those issues that you should take seriously, even if you're just an average Twitch user or use sites like CurseForge.
