Twitch hacked with streamer payouts and source code accessed
posted Monday Oct 11, 2021 by Scott Ertz
This week, Twitch acknowledged a massive hack of their internal network. These types of announcements have become fairly standard, but sometimes the details of a breach can make one instance more interesting than others. In the case of the Twitch breach, the type of information that made its way out to the public makes it fascinating. Rather than only personal information like usernames and passwords, these hackers gained access to very Twitch-specific information.
However, there is the possibility that encrypted passwords may have been exposed, so changing your password and enabling two-factor authentication is a good idea.
Personal Information
Some of the data that make Twitch unique is its content creator payouts, and that is one of the big data caches that made their way to 4chan in a 125 GB torrent. In fact, payout data dating back to 2019 were in this release, showing who the top paid content creators were in 2019 and 2020. The validity of this data was immediately put into question, especially considering the incredibly bad idea that is having this data on a server available to the outside world. But, Video Games Chronicle claims to have confirmed the information with an anonymous Twitch employee.
Through this data, we can see that the top creator within the time period of Aug 2019 - Oct 2021 was paid nearly $10 million, with the next closest being $8.5 million, and then a steep drop to $5.8 million for third place. However, what we can learn from this information is that the top performers are earning a ton of cash from the company for streaming on the platform.
It's important to note that, while the numbers have been made public, it's not clear whether or not any other financial information was exposed, such as payment details (bank account and routing numbers).
Stream Keys
In addition to payout information, Twitch streaming keys were exposed. These keys are used for connecting streaming software, like our own Livestream Studio, to the service. Now, some software allows you to dynamically manage this information, such as Livestream Studio and Restream. On the other hand, some require you to enter the key manually. For those who use the manual process, ALL streaming keys have been reset. This means that you'll need to reconfigure your software.
The Unknown Factor
There are two issues that prevent us from knowing exactly what else will be affected by this breach. The first issue is that the cache is 125 GB, which is a ton of information. It's going to take a while, certainly more than a week, to go through everything that was released to determine what is there. Security experts are going through it now and will have a better idea of the direct impact soon.
The biggest issue, however, is that the hacker (or original poster) claims that this is not the complete collection of data. It's possible that there is more information that is waiting to be released in the future, or possibly sold for profit on the dark web.
This is a very big breach, whether or not this is the only release. We will keep an eye on what happens in the future.
