Massive Twitch hack: Source code and payment reports leaked

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard.
The leaker shared a torrent link leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.

"Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories," the post reads.

According to the anonymous 4chan user, the leaked Twitch data contains:
 

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
In an update regarding this month's security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users.

"We've undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly," Twitch said.

The company also stated that no login credentials or full credit card numbers/payment data belonging to users or streamers were exposed following last week's massive data leak.

"Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information," Twitch added.

 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Twitch has definitively stated that passwords weren’t exposed in last week’s major data breach.

“Twitch passwords have not been exposed,” Twitch said in an update to its webpage about the security incident. “We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information.”

Last week, what appeared to be leaked source code for Twitch hit the web, and in Friday’s update, Twitch confirmed that was the case. “The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data,” the company said. Twitch claims that the information exposed “only affected a small fraction of users, and the customer impact is minimal,” and it says it is following up directly with those who were affected.

Sources who spoke to The Verge last week painted a picture of a company with bad security practices and detailed a previously unreported security problem that took place in 2017. On Thursday, Vice reported on another massive hack that happened in 2014. In Friday’s update, Twitch said it has “taken steps to further secure our service.”
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top