Twitch gets hacked, source code and user information leaks

8 Oct 2021

On 6 October Twitch was hacked by an anonymous user that leaked the streaming platform's source code and users' sensitive information on 4chan.

Source: Unsplash

It's reported that the user shared a torrent link leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.

According to the hacker, the leaked Twitch data contains:

The entirety of twitch.tv, with commit history going back to its early beginnings
Mobile, desktop, and video game console Twitch clients
Various proprietary SDKs and internal AWS services used by Twitch
Every other property that Twitch owns, including IGDB and CurseForge
An unreleased Steam competitor from Amazon Game Studios
Twitch SOC internal red teaming tools
Creator payout reports from 2019 until now

Here's a more comprehensive list of leaked Twitch payouts (I will keep updating this thread as more things come out). pic.twitter.com/15JItvp6l4
— KnowSomething (@KnowS0mething) October 6, 2021

The leaker indicated that the hack was motivated by a dislike of the Twitch community, which they described as 'a disgusting toxic cesspool', a Sky News report said.

Users of Twitch have also confirmed the leak and the platform itself tweeted a response to the hack:

We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021

It's recommended to set two-factor identification if you have a Twitch account, to do this, go to Settings, Privacy and Security, scroll down to the Security setting, click on Edit Two-Factor Identification and then edit accordingly.