On Wednesday, October 6, Amazon-owned streaming platform Twitch faced a massive data breach after a 4chan user posted leaked information containing the company’s source codes, payout information, proprietary in-development video game digital distribution service, and security tools. The information was shared as part of the 125 GB torrent file to foster more disruption and competition in the online video streaming community.
News website Video Games Chronicle first published news of the leak, which various media outlets subsequently confirmed. As reported by Polygon, the aforementioned leaked information is publicly available to download as described by a yet-unidentified hacker. VGC has confirmed the validity of information and the legitimacy of the stolen data via various anonymous sources, stating that Twitch is aware of the breach, at least internally, for which the sources believe happened as recently as Monday. At the time of writing, Twitch has not responded to requests for more information.
The stolen data contains the entirety of Twitch’s source code, creator payout reports from 2019, the comprehensive list of mobile, desktop, and console clients, proprietary software development kits, and internal Amazon Web Services used by the company. In addition, information about Twitch’s property, such as CurseForge, also made it to the list, alongside the company’s security-improving tools. Fortunately, the stolen data doesn’t seem to encapsulate user data. With that said, Twitch users are advised to turn on two-factor identification to prevent any misuse of potentially leaked data.
As the information made its way to numerous curious eyes, Twitter and Reddit users started combing through 125 GB of leaked data, with one user claiming that the torrent also includes encrypted passwords, recommending Twitch users to enable two-factor authentication. This suggestion sounds quite reasonable, given that the hacker (or hackers) responsible for the breach labeled the stolen information as “part one,” suggesting that more content has been stolen in the Twitch leak.
If this sounds all too familiar, it’s because something similar has already happened. Just four months ago, on June 10, Electronic Arts suffered a security breach in which a cybercriminal organization stole 780 GB worth of data containing Frostbite source code, SDKs, server codes, and other information. After the unsuccessful attempt to sell the data via the dark web for $28 million, the cybercriminal group attempted to extort Electronic Arts for an undisclosed sum. However, as the company refused to pay, given that the potential leak of stolen data posed no real threat, the hackers dumped the entirety of stolen information online.
However, when it comes to Twitch leaks, the information could potentially be more valuable, at least from a business standpoint. As per various reports, the torrent also contains information about a project codenamed Vapor – an alleged Steam competitor, claimed to integrate many of Twitch’s features into a bespoke game distribution service and store. Taking a shy peek into the bag full of Twitch mysteries could potentially give Valve insight into what the competition is doing, allowing the company to develop an adequate response. Let’s remember that, apart from this October’s offerings, Amazon Prime Gaming mostly features uninspiring offers, so the company might’ve developed something that could actually take on the competition. Who knows? If hackers are to be believed, we’ll find out when “part two” leaks online.