Twitch, an Amazon-owned interactive livestream platform, has registered a massive data leak after an anonymous user on the 4chan message board posted Twitch’s source code, an unreleased Steam competitor developed by Amazon Game Studios, and other sensitive information related to payments, proprietary software development kits and internal tools into a public domain.
Twitch has admitted the “breach”, pointing that a hostile third party was able to access the data after a mistake in a Twitch server configuration update.
The livestream service says it’s working with urgency to determine the scope of this leak. In a late-night blog post from Wednesday, the company says that it has no evidence that anyone’s login details have been exposed. Twitch does not save complete credit card information, therefore, those data were not leaked.
According to posts in the forum, the hack was done to promote greater disruption and competition in the online video streaming market. Video Games Chronicle was the first to disclose the news, claiming that Twitch was informed of the breach on October 4th.
As per the available details, the leak comes as a Torrent file that consists of 125 GB of data. The Torrent has been named as “part one”, implying that there might be more leaks coming in the future. Some of the information found in it includes revenue reports of the creators for 2019 and 2021, as well as Creator revenue reports from 2019 to 2021 mobile, desktop and console Twitch clients.
Researchers are concerned that the disclosure of the internal Twitch source code represents a significant security risk because it enables interested parties to look for security flaws in the source code and exploit these in the future. Even though passwords are not included in the data leak, users are urged to update their passwords and use two-factor authentication as an additional safety measure.