Over the last year, Twitch has come under fire for a variety of controversies. Hate Raids, Hottub Streams, and channel boosting have put Twitch under the limelight. Each controversy on its own would be fine but the combined issues within a single year’s time have many streamers and viewers alike concerned. Now a new data breach brings more negative press towards Twitch and has many on the platform looking at alternate streaming options. Today, Twitch has confirmed that a massive data breach has occurred resulting in source codes, user payouts, and passwords being leaked. With this breach, users should change their passwords.
Earlier today, a 4chan user posted a link leading to a 125GB zipped folder; in his post, he stated that the leak was intended to, “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”. The folder is still available to download. Many in the gaming community have started to look over the data to verify its authenticity.
Twitch has confirmed the leak is authentic:
“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”
What the Breach Entails
This data breach has revealed the following:
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop, and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
Securing Your Account
What this data breach has shown us is that it is important to have two-factor authentication turned on. To enable two-factor authentication, log on to Twitch, click your avatar, and choose Settings. Once in settings, select Security and Privacy and then scroll down to the Security setting. Select edit Two-Factor Authentication to enable it if it is not already activated. If not, follow the instructions to turn it on, you will need an alternate confirmation source to enable it. Two-factor authentication is required once a streamer reaches affiliate status.
What It Revealed
The leak shows that 81 Twitch streamers have made more than $1 million on Twitch since August 2019. Just in September 2021, xQcOW, summit1g, loltyler1, hasanabi, and ibai were the top 5 paid streamers. These five individuals made over 150k during September just from Twitch. Additionally, it shows Critical Role, xQcOW, summit1g, Tfue, and NICKMERCS have made the most on Twitch since August 2019.
What do you think of the individuals that are on the top 100 list? Does the amount of money made surprise you? Remember to change your passwords!
