A Devastating Twitch Hack Sends Streamers Reeling
This morning, an anonymous hacker released what they claim is an enormous cache of proprietary data from Twitch, the popular streaming platform, including Twitch.tv source code and streamersâ revenue information.
âJeff Bezos paid $970 million for this, weâre giving it away FOR FREE,â wrote the poster on 4chan. Todayâs leak, which its original poster described as âextremely poggers,â is by far the biggest to ever hit Twitch, which was acquired by Amazon in 2014.
The leak, first reported by Video Games Chronicle, reportedly contains 125 GB of data. That data includes the source code for Twitch.tv; Twitchâs mobile, desktop, and game console clients; proprietary SDKs; Twitch-owned properties including Vapor, Amazonâs alleged Steam competitor from Amazon Game Studios; and internal security tools. The leak does not appear to contain streamersâ or usersâ personal information, but the damage appears extensive. The post is titled âtwitch leaks part one,â implying that there may be more to come.
âAnytime source code gets leaked itâs not good and potentially disastrous,â says Ekram Ahmed, spokesperson at security firm Check Point. âIt opens a gigantic door for evildoers to find cracks in the system, lace malware, and potentially steal sensitive information.â
The 4chan poster also referenced Twitchâs recent wave of hate raids, in which botmakers have been spamming marginalized streamersâ chats with bigoted harassment. Mentioning the #DoBetterTwitch hashtag (more commonly #TwitchDoBetter), the poster claimed that Twitch is a âdisgusting cesspool.â They wrote that the leak, which appears to contain huge amounts of proprietary data, is to âfoster more disruption and competition in the online video game streaming space.â Twitch has introduced several new tools to combat these hate raids, and sued two alleged hate raiders last month.
Twitch declined to comment to WIRED but confirmed Wednesday morning that a breach had taken place. âOur teams are working with urgency to understand the extent of this,â the official Twitch account tweeted. âWe will update the community as soon as additional information is available.â
âI wish I could say I'm surprised,â says Avery, a streamer who goes by Littlesiha and does not publicly share her last name for privacy reasons. âIt took Twitch two months to find a way to protect marginalized creators that were getting harassed, threatened, and doxed through chatbot raids. Security on the site feels like a joke at this point.â
While much of the data appears to be legitimate, there is some debate over the accuracy of streamersâ revenue numbers. Some streamers have tweeted that their payout numbers are accurate, while others have claimed otherwise. âIt was wrong, for my number,â said popular Twitch personality Asmongold while streaming Amazonâs new video game New World this morning. âIt's harder to fuck up more than this,â he told WIRED.
Also streaming on Twitch, Nick âNMPâ Polom said, âI kind of feel violated right now.â His viewers, numbering in the tens of thousands, took the leak as an opportunity to meme, donating money attached to messages like âSeems like you need this more than me. I work at McDonaldâs.â (On Twitter, he wrote that he is âlive right now being relentlessly SHIT ON by my community for being âpoor.â THANKS @twitch.â) Although many streamers have expressed deep worry over the leak, some are turning it into a joke: Top streamer Chance âSodapoppinâ Morris, who was 42nd in the streamer revenue number list, begged his viewers not to view it as real: âI swear Iâm one of the richest ones on the platform,â he joked. âI make WAY more than that.â (For many top streamers, Twitch payouts are just one revenue stream among many.) Streaming on Twitch, Felix âxQcâ Lengyel shouted, âI told yâallâ"itâs trillionaire with a fucking âTâ!â
Todayâs leak will have untold and unpredictable consequences for streamers, many of whom make a precarious living off donations and temporary sponsorships. Rachel Tobac, CEO of SocialProof Security, tells WIRED that the leakâs earnings information can open up streamers to a potential financial risk. âEven if the streamer payout data is incorrect or has been falsified, cyber criminals could still be more interested in targeting those streamersâ accounts because they know they are extra-confirmed, high-value targets,â she says. âTwitch streamers have always had an elevated threat model because they're in the public eye, but leaked financial data increases their threat model even more.â
Tobac recommends that streamers secure their financial accounts today. And out of an abundance of caution, she adds, both streamers and users should also change their passwords to long, random, and unique strings of charactersâ"you can see our picks for password managers hereâ"and turn on two-factor authentication.
More Great WIRED Stories
0 Response to "A Devastating Twitch Hack Sends Streamers Reeling"
Post a Comment