Around 10:30 p.m. PT on Oct. 6, 2021, Twitch learned of a data breach that affected every account across the platform. Twitch's own reporting confirmed that data was indeed exposed to the internet and accessed by a malicious third party because of "an error in a Twitch server configuration change..." which is being investigated internally.
According to Twitch's statement on the incident as of the writing of this article, their investigation is still working to fully understand the extent of the data breach.
"No indication that login credentials have been exposed...Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed." -Twitch
Twitch sought to make clear that they currently have "no indication that login credentials have been exposed" but they are still investigating what happened. They also explained that "full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed" which is great news for Twitch users and streamers.
"Out of an abundance of caution, we have reset all stream keys." -Twitch
On Oct. 7, 2021, at 1:00 a.m. PT, Twitch explains that they have reset all stream keys while providing a link to obtain a new one here.
They also stated that if you stream using any of the following platforms or software then it's unlikely that you will need a new stream key:
Twitch Mobile App
Twitch Studio
Xbox
PlayStation
Streamlabs
OBS (only if you've connected your Twitch account manually)
If you aren't familiar with what a stream key is, it's essentially a unique account code that tells a streaming software and services the exact location to send your streaming feed. If someone has your stream key, they can stream whatever content they want to your account and to your followers. You should never share what your stream key is.
Twitch claims to have 30 million daily visitors on average with over 7 million unique streamers every month. According to Statista's J. Clement, it is estimated that the number of users on the Twitch platform totaled a whopping 41.5 million in 2020.
"An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information." -Video Game Chronicles
The Video Game Chronicles reported that an anonymous hacker has posted a 125GB torrent link to 4chan which allows anyone to download the leaked files. The report states that it's believed that the Twitch data was stolen as early as Monday. This anonymous hacker explains that the purpose of the hack was to "'foster more disruption and competition in the online video streaming space' because 'their community is a disgusting toxic cesspool'", according to Video Game Chronicle reporting.
The report also goes into detail about the extent of the leaked Twitch data which includes:
Twitch's entire source code going back to their early days
2019 Creator Payout reports
All Twitch clients
Proprietary assets and services
Twitch's owned property (i.e. companies)
Unreleased Twitch services and integrations by Amazon
Regardless of how extensive a data breach is, it's always a good idea to change your password, turn on 2-factor authentication, and pay attention to any strange or unwanted activity from your accounts or bank statements.
It's not fully understood just how much this data breach will affect users, steamers, Twitch, or the streaming industry as a whole. While a hack on a major corporation isn't unheard of, it's important to pay attention to how all streaming services respond to this situation as it develops and the changes they may or may not make to better protect users in the future.
Comments