Well this is bad. Twitch, the ultra popular streaming site, appears to have been hacked. An anonymous leak on 4chan's message boards released a 125GB torrent that purportedly contains the streaming service's source code, along with payment information for the creators and details about an unreleased rival to Amazon Steam called Vapor.
Anonymous hackers cannot be trusted at their word, but prominent security journalist Catalin Cimpanu of The record downloaded some of the files and confirmed that the content of the leak is in tune with what the hacktivists claimed to have shared. Meanwhile, security researcher Troy Hunt has compiled a Twitter thread from various Twitch streamers confirming that the payment details are legitimate, and Video game chronicles says they were told by an anonymous source from the company that the leaked data is legitimate, including the source code for the streaming platform owned by Amazon.
We reached out to Twitch to confirm, but this hack certainly looks legit. We will not be linking to the torrent.
The files allegedly contain a treasure trove of deeply guarded secrets, including:
- Three years of payment information for creators
- Twitch source code with commit history dating back to its inception
- Source Code for Twitch Console, Desktop, and Mobile Gaming Clients
- An unreleased Steam competitor codenamed Steam from Amazon Game Studios
- Information on other properties owned by Twitch, such as CurseForge, along with the SDK and internal Amazon Web Services tools used by Twitch
The poster said the leak was intended to encourage more disruption and competition in the online video streaming space, because the Twitch community is a disgusting toxic cesspool.
Fortunately, user passwords do not appear to be part of the files, but the leak was labeled as part one and Cimpanu notes that the torrents include folders containing information about the user's identity and Twitch's authentication mechanisms, management tools. Twitch internal security data and management system. team, including white board threat models that describe various parts of Twitch's backend infrastructure.
Between that information and the fact that the source code for the site and its various customers was published, we strongly recommend that you change your Twitch password and enable two-factor authentication for the site, in case user data was, or are going to be, c compromised in some way. Go to Twitch Security Settings Page to adjust both. Our guides of the best password managers and 2FA solutions can help you establish strong protections if you are unfamiliar with either technology. Both are vital in the modern rape-ridden world.
And if you're a content creator streaming to Twitch, make sure your banking credentials also use a unique and strong password and are protected by two-factor authentication if possible. This leak
should not endanger them in any way, but prevention is better than cure.