Amazon-owned video game streaming platform Twitch detected a data breach on Wednesday, 6 October, which experts have termed as a “highly targeted attack”.
"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party," the online platform wrote in a blog.
Twitch further stated that it is in the process of investigating the hack to understand its impact in detail. On Thursday, the service added that they have reset all stream keys owing to 'an abundance of caution.'
What is being dubbed as 'the worst possible breach' by cybersecurity experts, here's all you need to know about the disruptive attack.
The 'Worst Possible' Twitch Data Breach, Explained
1. What Is Twitch?
Twitch is Amazon's interactive, live-streaming service. Predominantly hosting gamers, the online platform allows its users to watch other people play video games, interact with other users or live-stream their own gameplay with the public.
Streamers with enough level of engagement can also earn money through subscriptions and Twitch partnerships.
Expand2. What Happened? More About The Hack
According to Video Games Chronicle, an anonymous hacker posted a 128 GB torrent link on social media platform 4chan on Wednesday, claiming that it contained the 'entirety of Twitch'.
Saying that the leak was aimed at fostering "more disruption and competition in the online-video streaming space," the hacker asserted that the Twitch community was a "disgusting toxic cesspool”.
The Verge as well as other cybersecurity experts confirmed that the files shared on Wednesday were legitimate and contained the entirety of Twitch's source code, an unreleased game (code-named Vapour) created by Amazon Game Studios to compete with Stream, and details about creator finances.
While the leak appears to have omitted personal information of users, such as their login details, it was also termed as 'part one'.
"The leaker appears to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts," reports The Verge.
Expand3. Why the Breach Is Significant
The data breach suffered by Twitch is of an unprecedented scale, with information security professionals asserting that it raises tough questions regarding the internal functioning of the platform.
Information security director at Future, Ian Brownhill, believes that anyone with access to the leaked data can receive "massive insight" into Twitch's infrastructure and systems as well as expose vulnerabilities which can enable future attacks – not just against Twitch, but Amazon as well, PC Gamer reported.
Reiterating this, Synopsys Software Integrity Group senior security strategist Jonathan Knudsen stated that with the source code being made available to potential malicious actors, the engineer software applications face the threat of being reversed and unraveled.
Expand4. Why Twitch Was Called a 'Disgusting Toxic Cesspool'
The security breach comes a month after thousands of users, mostly belonging to marginalised backgrounds, urged the platform to act against 'hate-raids' and logged off from the platform for a day in solidarity.
Hate raids refer to an ambush by a group of hostile users, who use dummy accounts and bots to flood a streamer's chatbox with hate comments and targeted abuse, often aimed at their identity.
To combat issues such as this and others, such as a split in pay, Twitch user RekItRaven, a Black individual using they/them pronouns, began the #TwitchDoBetter movement on Twitter in August.
Speaking to The Washington Post last month, they iterated, “I’m tired of feeling like I’m not allowed to exist based off of circumstances that are out of my control, and I know other people are too.”
(With inputs from The Washington Post, The Verge and PC Gamer.)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)
Expand
What Is Twitch?
Twitch is Amazon's interactive, live-streaming service. Predominantly hosting gamers, the online platform allows its users to watch other people play video games, interact with other users or live-stream their own gameplay with the public.
Streamers with enough level of engagement can also earn money through subscriptions and Twitch partnerships.
What Happened? More About The Hack
According to Video Games Chronicle, an anonymous hacker posted a 128 GB torrent link on social media platform 4chan on Wednesday, claiming that it contained the 'entirety of Twitch'.
Saying that the leak was aimed at fostering "more disruption and competition in the online-video streaming space," the hacker asserted that the Twitch community was a "disgusting toxic cesspool”.
The Verge as well as other cybersecurity experts confirmed that the files shared on Wednesday were legitimate and contained the entirety of Twitch's source code, an unreleased game (code-named Vapour) created by Amazon Game Studios to compete with Stream, and details about creator finances.
While the leak appears to have omitted personal information of users, such as their login details, it was also termed as 'part one'.
"The leaker appears to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts," reports The Verge.
Why the Breach Is Significant
The data breach suffered by Twitch is of an unprecedented scale, with information security professionals asserting that it raises tough questions regarding the internal functioning of the platform.
Information security director at Future, Ian Brownhill, believes that anyone with access to the leaked data can receive "massive insight" into Twitch's infrastructure and systems as well as expose vulnerabilities which can enable future attacks – not just against Twitch, but Amazon as well, PC Gamer reported.
Reiterating this, Synopsys Software Integrity Group senior security strategist Jonathan Knudsen stated that with the source code being made available to potential malicious actors, the engineer software applications face the threat of being reversed and unraveled.
Why Twitch Was Called a 'Disgusting Toxic Cesspool'
The security breach comes a month after thousands of users, mostly belonging to marginalised backgrounds, urged the platform to act against 'hate-raids' and logged off from the platform for a day in solidarity.
Hate raids refer to an ambush by a group of hostile users, who use dummy accounts and bots to flood a streamer's chatbox with hate comments and targeted abuse, often aimed at their identity.
To combat issues such as this and others, such as a split in pay, Twitch user RekItRaven, a Black individual using they/them pronouns, began the #TwitchDoBetter movement on Twitter in August.
Speaking to The Washington Post last month, they iterated, “I’m tired of feeling like I’m not allowed to exist based off of circumstances that are out of my control, and I know other people are too.”
(With inputs from The Washington Post, The Verge and PC Gamer.)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)