Gaming Streaming Platform Twitch Hacked by Malicious Attacker

As gaming becomes increasingly competitive, some of the world’s brightest talent have built lucrative careers and businesses off the backbone of streaming platforms. Twitch has emerged as the leader in streaming platforms, taking the esports market by storm with 140 million active users per month. But with its latest data breach plastered all over the news, the Amazon-owned streaming giant may face an irreparable fallout among its users.

On October 6, 2021, Twitch leaked massive amounts of sensitive data online due to an internal server misconfiguration that was exploited by a malicious third party. 

According to the BBC, their computers were set up incorrectly such that an unknown actor was able to access and download Twitch’s private data. Included in that data were the payment records of thousands of the most popular streamers over the last two years, as well as internal source code and documents of unreleased projects. 

Though the investigation is still ongoing, multiple streamers have come forward to confirm that the payment data is accurate. And given how fiercely Twitch guards the amount their streamers are paid – now revealed to be in the millions of dollars – this is the largest and most severe data breach Twitch has faced to date. And there might be more danger in store. 

Posted to an online forum by an anonymous user in the form of a torrent file, the file was labelled “Part 1,” suggesting that more data may be exposed. This leaves us wondering when the next attack will be, and more so, what type of data is contained in the next attack. 

Though Twitch has yet to disclose how many individuals were affected or when the error was made, some of the data dates back to three years ago, making the server a sitting duck for quite some time now. 

Twitch has also confirmed that no login credentials have been compromised at this time, but with much at stake, Twitch users aren’t taking the risk. In an effort to secure their accounts, Twitch streamers and viewers alike are scrambling to quickly change their passwords. 

As part of the ongoing effort to assess the damage of the data breach and minimize the impact, Twitch has also reset all “users’ stream keys – the unique code used by streaming software to broadcast to the right Twitch account.” 

Human error is the number one cause of data breaches in 2021, and this data breach is another example of how important it is to have an automated solution that can detect these misconfigurations. Learn how to protect your sensitive data with Dasera. Visit www.dasera.com to prevent data breaches – once and for all. 

Author

Tu Phan