Twitch confirmed the intrusion
The giant hack against Twitch is genuine, the company confirms via Twitter. “Our work teams work with urgency to find out the extent of it,” the company writes.
In a blog posts writes Twitch that the hack was possible due to incorrect server settings. The company so far has indications that the hackers have come across login information, and since Twitch does not store payment information itself, they may not have come across such information.
However, as a precautionary measure, the company has chosen to reset all API keys for users streaming on the platform. Those who use Twitch Studio, Streamlabs or the official Twitch apps for mobile and consoles do not need to do anything, as do computer players who have linked their Twitch account to the OBS program, but those who use other software need to download their new keys.
An anonymous user on the 4chan forum has released a torrent of 125 gigabytes that is alleged to contain the entire Twitch source code. The Verge reports that they have succeeded in confirming that the leak is real.
The torrent contains three years of information about payments made to creators on Twitch. The whole twitch.tv. The source code for the Twitch clients for mobile, desktop and game consoles. Code linked to third-party developer development tools and internal Amazon Web Service services used by Twitch. A never-released Steam challenger from Amazon Game Studios. Data from Twitch properties such as IGDB and Cursedforge. As well as Twitch internal security tools.
The posted information does not appear to contain any user information, such as passwords. However, the hacker can still come across such information without releasing it.
According to the poster on 4chan, it wants with the leak “to encourage innovation and competition among live streaming platforms”. The poster also describes the leak as “part 1”, which means that more data can be released later.
Twitch has not yet commented on the whole thing.