SF-based gaming site Twitch pretty much had the keys to their kingdom snatched and posted on 4Chan, and since it’s owned by Amazon… is anything safe anymore?
Those of us who are not all intrigued by the pastime of “watching other people play video games for hours” know of San Francisco-based streaming service Twitch as sort of a YouTube knockoff on which we watched this year’s Hunky Jesus Contest, Big Freedia’s Pride concert, or the livestreamed Inside Lands festival last summer. But those of you who actually use Twitch to watch video game streams (and Hunky Jesus Christ, why?) you have a very, very big concern today. Video Games Chronicles reported Wednesday morning that Twitch had been thoroughly breached, with even its site’s entire source code posted online, and this has since been verified by many news outlets and even the site itself.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
If you have a Twitch account, it is urgently recommended that you change your password, set up two-factor authentication, and change whatever it is that is called your “stream key.” The information was posted to 4Chan — with more data drops likely to come — as seen in the screenshot 4Chan below taken by Ars Technica.
In their post, the hacker calls Twitch “a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them.” (“Disgusting toxic cesspool”? Dude, you’re on 4Chan!)
If you were wondering about equal treatment of streamers on Twitch, there is a "do not ban" list that contains specific streamers who receive special protections. pic.twitter.com/4bExnSGi7b
— Dr. Jar ❁ (@spermjar) October 6, 2021
Usernames, passwords, and credit card numbers were not posted. But there’s no evidence these weren’t compromised, and the hacker(s) indicated they would drop additional data troves. The hacked, posted material is confirmed to include Twitch’s entire source code, the same code for an upcoming Steam competitor, and the 2019 payouts to Twitch's top-paid game streamers. The numbers look staggering, but realize these are the top .01% of earners. As the thread below details, most earners do not make minimum wage. And honestly, why should they? Playing video games is not a real job!
Twitch has just had a major leak of a lot of stuff including their monthly payouts to streamers.
— KnowSomething (@KnowS0mething) October 6, 2021
Here are some of the notables (note: this total is just their payout directly from twitch, so it doesn't include donations, sponsors, merch, etc.) pic.twitter.com/wDG0JkJuCx
The hacker also includes the kicker “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE.” (Amazon bought Twitch in 2014.) And if something Amazon owns can be hacked this thoroughly, is anything safe? We saw what happened to Facebook Monday, and this may or not be related to the Twitch troubles, but NBC News tech reporter Olivia Solon notes that “Amazon warehouse workers across the U.S. were unable to work for at least two hours last night because their internal software crashed and none of their scanners would work.”
In other words.... I'm afraid I can't do that, Dave.
Related: UC and Stanford Campus Systems Both Breached In Major Cyber Attack [SFist]
Image: Twitch.TV