Twitch is an interactive livestreaming platform, mostly used by “gamers” that like to show their skills on different games. The service is owned by Amazon, but this week presented a huge fail on its servers that allows a malicious third party to access classified information. There is so much to say about this, but so far, they are working on it, even when the damage is done.
This data leak presents crucial information from Twitch
An anonymous source posted, on the 4chan messaging board, the leaked source code from Twitch, an unreleased Steam competitor from Amazon Game Studios; they revealed details of creator payouts, proprietary software development kits, and other internal tools. One of the most prominents things in this data leak was creator payouts, showing a list of the users that earn the most on the platform from their livestreaming.
On late Wednesday, Twitch informed that there is no indicator about a leak on the login credentials and that the platform never stored full credit card numbers, so these are not at risk of exposure. The user stated some harsh truths about the reason behind the hack: “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool.” According to some users, this is just the first part of the attack, which consisted in a 125GB torrent that contains the following:
- The entirety of Twitch’s source code that even goes back to its early beginnings.
- Proprietary software development kits and internal AWS services used by Twitch.
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios.
- Information on other Twitch properties like IGDB and CurseForge.
- Creator revenue reports from 2019 to 2021.
- Mobile, desktop, and console Twitch clients.
- Cache of internal “red teaming” tools designed to improve security.
The most dangerous part of this attack is the leak of the entire source code, which can be used by cybercriminals to check for more flaws that allow them to have access to other types of data. Twitch advises all its users to change credentials and passwords to keep their data safe, plus activate the two-factor authentication for more security. At Eagle Tech Corp, we try to be updated about these attacks for a better comprehension of cybersecurity flaws and weaknesses.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp