Amazons Twitch breached exposing source code and payout information

By Kellen Browning October 7, 2021 â€" 10.01am

Livestreaming site Twitch has endured a data breach that security researchers believe may have provided sweeping insight into the platform’s computer code, security vulnerabilities and even how much its top content creators make.

Twitch, which is owned by Amazon and is a popular destination for video game streams, confirmed the breach on Twitter hours after a user posted what they claimed was an enormous trove of the site’s data onto the anonymous message board website 4chan. The user said the 128 gigabyte file was only the first part of the leak.

Twitch is a popular platform for video game livestreams, owned by Amazon.

Twitch is a popular platform for video game livestreams, owned by Amazon.

The user said the file contained, among other items, the history of Twitch’s source code; proprietary software development kits; an unreleased competitor to Steam, an online games store; programs Twitch was using to test its own security vulnerabilities; and a list of the amount of money that each of the site’s streamers have earned since 2019.

“Find out how much your favorite streamer is really making!” the user posted. “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE.”

Twitch did not respond to a request for comment about details of the breach.

“Our teams are working with urgency to understand the extent of this,” the company wrote on Twitter. “We will update the community as soon as additional information is available.”

Ekram Ahmed, a spokesperson for cybersecurity company Check Point, said that it was the company’s “strong suspicion” that Twitch’s code had truly been leaked, which was “potentially disastrous.”

“It opens a gigantic door for evildoers to find cracks in the system, lace malware and potentially steal sensitive information,” he said.

The incident sent Twitch’s community of streamers into a panic.

Kaitlyn Siragusa, known to her 4.4 million followers as Amouranth, said in a text message that it was “quite shocking so much information could be breached.”

Saqib Zahid, who streams to his 2.8 million followers as Lirik, said in a Twitter direct message that the incident was “frustrating,” but he was “not surprised.”

Natalia Mogollon, known as Alinity online, said via a Twitter direct message that her reaction was “disappointment.” And Félix Lengyel, one of the top earners and most notable personalities on the platform, simply tweeted in all-caps: “HEY @TWITCH EXPLAIN?”

According to the list of earnings, which could not be independently verified, some notable personalities had made millions of dollars since 2019. Some streamers confirmed their numbers were accurate’ though others disputed the figures.

“All data in there on me is 100 per cent true in terms of payout value info,” tweeted Scott Hellyer, a streamer who goes by tehMorag. “This is real and will impact people for years.”

Another streamer, Hasan Piker, anticipated had people getting angry about the amount of money the list said he had made.

The 4chan user included the hashtag #DoBetterTwitch, a variation of the hashtag #TwitchDoBetter that has been used in recent months by members of the Twitch community after the proliferation of so-called hate raids, in which users bombard streamers, particularly women and people of colour, with abusive and offensive messages.

Independent cybersecurity researchers said they were analysing the data and combing the so-called dark web in order to figure out what had happened.

“Twitch leak is real. Includes significant amount of personal data,” tweeted Kevin Beaumont, a cybersecurity researcher. “If the people involved truly want to fight toxicity in gaming, they might want to look into a mirror as that kind of leak is toxic behaviour.”

This article originally appeared in The New York Times.