Twitch has found itself on the receiving end of a giant hack that exposed 125GB of data. There’s lots of information in the hack, including creator payouts, a potential Steam competitor, and even the streaming service’s source code.
Update, 10/6/21 12:03 pm Eastern: Twitch posted on Twitter acknowledging the hack, though it didn’t go into specifics.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Video Games Chronicle first discovered the hack, which was posted as a 125GB torrent on 4chan. The hackers claim it includes the entirety of Twitch and its commit history.
In total, the leak contains:
- Three years of creator payout data
- The entirety of Twitch.tv, “with commit history going back to its early beginnings.”
- Twitch source code for mobile, desktop, and video game console apps
- Code involving SDKs and internal AWS services used by Twitch
- A yet unreleased Steam competitor from Amazon Game Studios
- Data relating to other Twitch-owned properties like IGDB and CurseForge
- Twitch’s “red teaming” security tools
What’s not clear is whether the leak contains sensitive data on regular Twitch users, such as passwords, addresses, names, and so on. According to Video Games Chronicle, users on Twitter claiming to have gone through the massive 125GB torrent found user data, but that hasn’t been verified yet.
It’s possible that the hack contained individual user information that wasn’t included in the leak, as it appears to be targeting Twitch as a whole more than individual users.
With that said, this leak is also being called “Part One,” which means there could be more leaked in the future, which might contain verifiable user data. It’s recommended to use 2FA on your Twitch account to ensure it’s locked down and secure.
What’s Twitch Going to Do?
For its part, Twitch has been quiet on the matter, so we’ll have to wait and see how Amazon-owned streaming service responds to the leak. We’d expect to hear something shortly, but we assume the company is doing internal research to uncover exactly what happened with this hack before it addresses anything.