Online video gamers everywhere had their eyes and ears on the news, curious to learn more about their popular live streaming service Twitch and its recent data breach.
While much remains unknown, there are many things we do know about the cyberattack and its implication on its core audience.
Let’s look at what data was acquired, how the leak could affect users and some important lessons from the 2021 Twitch streaming data breach:
Wednesday, October 6th, the American interactive live streaming service Twitch announced on its Twitter that it was the victim of a cybersecurity attack.
More than 100GB of leaked data was publicly posted online on 4chan on Wednesday, according to BBC.
Amongst the posted data included three years of payment information showing how much Twitch compensated its elite gamers — causing quite a stir online over the high earnings of a select few top streamers. The leak revealed that Twitch paid more than $108,000 annually to 13 individual accounts or users since 2019, bringing rise to debates over how much a streamer should really be making and their career continuity from here on out.
A Twitch spokeswoman declined to comment on the exact data compromised, according to The Wall Street Journal. However, other sources say the stolen information included user data, internal company documents, Twitch’s proprietary source code, security tools and more.
With more than 7 million people a month streaming content, this leak could have serious implications for both Twitch users and the hacked brand alike. As a subsidiary of Amazon.com, Inc., some worry about the connection the bad actor(s) may have to larger pools of Amazon data… but before we dive in too deep, let’s explore why Twitch was attacked.
The stir all began on October 6th when an individual posted a 125-GB torrent file containing contents of the breach on a public 4chan message board.
The user claims to have posted the files in response to the “hate raids” Twitch faced in September, wherein malicious attackers develop bots to flood top streamers’ chat rooms with hateful messages. While Twitch sued two users accused of frontiering the raids, the leaker claims the community itself is “toxic.”
The user wrote that the Twitch “community is… a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them... Find out how much your favorite streamer is really making!”
This isn’t the first time Twitch was accused of toxicity. In 2020, Twitch employee whistleblowers accused the brand of being “a tonedeaf, white-and cis-hetero-male-dominated culture.” Their parent company Amazon itself has faced a lot of scrutiny over ethics as well.
Activist hackers, AKA “hacktivists,” are taking a stance on causes important to them, yet there’s no telling what repercussions this leak may have on the streamers the leaker outed online.
They explained that Twitch Studio, Streamlabs, Xbox, PlayStation, OBS and Twitch Mobile App users should not need to take any action for your new key to work, but that all other users should follow their setup instructions.
“At this time, we have no indication that login credentials have been exposed,” Twitch also shared. “We are continuing to investigate. Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”
There are a few things both Twitch users and others can do or learn from the 2021 Twitch live streaming data breach:
From the Kaseya attack to the UHS breach, and now Amazon Twitch’s data breach, cyberattacks are growing more frequent and more complex. Protect your organization from internal and external threats by taking action to strengthen your defenses.
Download our 5-1/2 Easy Steps to Avoid Cyber Threats guide to get started today!