Twitch, an interactive live streaming service, confirmed a large data breach, pointing to an “error in a Twitch server configuration that was subsequently accessed by a malicious third party.”
In a blog post, Twitch stated that its teams are working with urgency to investigate the incident.
“As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues. At this time, we have no indication that login credentials have been exposed. We are continuing to investigate. Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”
According to Video Games Chronicle, an anonymous hacker on Wednesday posted a 125GB torrent containing the information to the 4chan message board, and it also confirmed that the leaked Twitch data reportedly includes:
- The entirety of Twitch’s source code with commit history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop, and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch own” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers).