Twitch was attacked by an anonymous hacker and had several important data leaked into the 4chan, as the platform source code and user payment information. This Wednesday (6), the suspect posted a 128GB torrent file with all the stolen materials and said in the post that the Twitch community was a “disgusting and toxic cesspool” and that it wanted to “provoke division and competition in online video streaming”.
The torrent was found on 4chan first by VGC, which confirmed the existence of the files mentioned by the hacker. A company that declined to be identified checked the torrent’s content and claimed to have found Twitch’s source code and payment data for registered users on Amazon’s streaming platform.
According to the hacker, the leaked data includes Twitch’s source code — including desktop, mobile and console clients, as well as comment histories — various software development kits (SDK) and Amazon Web Services (AWS) resources ), and information about other Twitch properties such as IGDB and Curse Forge.
There are also internal tools used by the site’s “red team” — people who pose as hackers to improve Twitch’s security — data on an alleged Amazon Games platform that competes with Steam, code-named Vapor, and financial reports on payments made. to streamers between August 2019 and September 2021.
O post no 4chan it also included the hashtag #DoBetterTwitch (#MelhoreTwitch, in Portuguese). It is worth remembering that a hashtag similar to this one had been created by streamers who felt insecure on the platform and asked Twitch to create measures to protect the creators and prevent “hate raids”.
On social networks, people are sharing payment reports from streamers, especially the most famous ones who had the information leaked. Popular personalities like xQc, Amouranth, Asmongold and summit1g, as well as Brazilians like Gaules, Alanzoka and loud_joker are in the list of leaked profiles.
The hacker claimed that this is only the first part of the leak and that there is still more data to share in the future.
Twitch confirmed to have suffered the hacker attack
In a Twitter post, Twitch testified to having suffered the hacker attack. “We can confirm that a violation has occurred. Our teams are urgently working to understand the extent of this. We will update the community as additional information becomes available. Thank you for staying with us.”
However, the company did not provide details about the leaked contents. Even exposing streamers’ earnings, the initial leak didn’t show sensitive user data, such as passwords, account emails, phone numbers or addresses. From the looks of it, the hacker wants to harm the platform, not the people.
Enable two-factor authentication on Twitch
Anyway, to protect yourself after this attack, we recommend changing the Twitch password as soon as possible, enabling two-factor authentication and generating another transmission key (stream key).
The walkthrough for enabling two-factor authentication on Twitch is as follows:
- Log into the Twitch website, click on your avatar in the upper right corner of the screen and enter “Settings”;
- Go to the “Security and Privacy” tab and scroll down until you find the “Security” section;
- Select “Set up two-factor authentication” and follow the onscreen instructions (you’ll need your cell phone).
With information: VGC, Eurogamer.
Update on October 6, 12:50: Inclusion of official Twitch communiqué confirming hacker attack.