Streaming Site Twitch Breach Includes 125GB Tranche of Stolen Data, SDKs, Creator Payout Reports
Note: We may earn a commission from products or services when you click on a link and make a purchase.
Streaming site Twitch.tv has confirmed that the company has suffered a massive data breach. Twitch says that reports of the security incident are legitimate and that the investigation is underway.
The data breach reportedly includes 125GB of data with source code, software development kits (SDKs) from as recent as last week, and all 2019 creator payout reports.
It’s not known when the breach occurred, the attack vector, or for how long it persisted.
“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available,” said Twitch via the company’s official Twitter account.
Twitch is a live streaming video platform and community for gamers and their fans. The platform was bought by Amazon in 2014.
A link to a torrent of 125 GB of stolen Twitch data is currently posted on anonymous forum 4chan. The data is available for anyone to download.
Breached Twitch Data Reportedly Includes:
- All Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Code for Mobile, desktop, and console Twitch clients
- Proprietary SDKs and Amazon Web Services (AWS) used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased competitor to Steam codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red team’ tools
CAUTION: You should NOT attempt to download the data unless you know what you are doing. It’s possible to harm your computer with malware hidden in the stolen files.
Twitch Data Breach – What Should I Do next?
Some security pros are reporting that encrypted passwords are also part of the leaked data.
All Twitch users should change their passwords immediately. Change your Twitch password to a strong and hard-to-guess combination that is not used for any other online account. If you cannot think of a unique password for Twitch, try using a password generator to create and store one for you.
All Twitch users – including those who create content and those who just watch – should enable two-factor authentication immediately.
Hackers know that people often use the same password over and over across multiple online accounts. They take stolen login credentials from one data breach and use them to compromise other, more valuable accounts like payment cards.
Video Games Chronicle first reported details on the Twitch data breach today.