This morning we learned that Twitch, the now hugely popular video game streaming platform and more, was victim of a very heavy hacker attack that he revealed to the whole world (or at least to those who have actually managed to get their hands on the stolen data) lots of details on the internal functioning and payments of the company, starting from the source code of the platform. Through an obviously anonymous post appeared on 4chan, complete with links to download a heavy torrent file, the people behind this huge leak cited Twitch’s toxic community and the desire to see more competition in this space as the reasons that led them to spread this sensitive information to the world..

This was all the material recovered from the anonymous leakers:

The entire Twitch source code, with commit history dating back to its beginnings

The source code of the Twitch Client for mobile, desktop, and game consoles

Various proprietary SDKs and internal AWS services used by Twitch

Data on any other property owned by Twitch, including IGDB and CurseForge

Projects and prototypes for a competitor of Steam, an Amazon Game Studios digital store called, it seems, Vapor

Twitch internal Red Teaming tools

Payment reports from creators since 2019

If the leak of Twitch internal data causes major problems for the technicians and workers of the company itself, it is the earnings of streamers from 2019 to today that arouse more attention from the general public. In fact, these sensitive data (which fortunately does not include personal data of any kind apart from the name of the streamer and the earnings in dollars, at least in this first part of the leak) are often kept secret by the streamers themselves, to avoid repercussions and damages of image to their brand. Furthermore, and here we go strictly into the field of speculation, in the past some streamers have been “pinched” by revenue agencies a little around the world for declaring lower earnings than in reality: it is therefore plausible to expect that these data now dominate public, if confirmed, could be a source of concern for streamers a little more “crafty”.

In any case, at the moment we can only wait for more information from Twitch itself, which will have to inform its customers of the incident and also of what will be done to mitigate the thing from now on. In any case, at least at the moment, individual user data appears to be safe. Therefore, no alarmism. Changing your Twitch account password and enabling two-factor authentication can be a good initial step to protect yourself., but at the moment there don’t seem to be any problems in this regard.

Source: The Verge