A hacker released the whole source code for Twitch along with a 128GB data dump that contained information on creator payouts going back to 2019 as well as all of the company’s internal cybersecurity red teaming capabilities.
While the majority of the media coverage initially concentrated on the staggering earnings of a few Twitch streamers, worries about the security and privacy of all Twitch streamers started to spread later in the day.
In order to safeguard their money accounts and selves from a potential wave of attacks by opportunistic thieves, experts advised all Twitch streamers to act immediately.
Twitch said late on Wednesday night that all stream keys would be reset, pointing streamers to to this website for new stream credentials.
For your next stream to begin, you might need to manually update the broadcast software you’re using with this new key. Users of Twitch Studio, Streamlabs, Xbox, PlayStation, and the Twitch Mobile App shouldn’t need to take any more steps in order for their new key to function, according to Twitch.
“Twitch account connections made by OBS users shouldn’t require them to take any further action. Users of OBS who have not linked their Twitch account to the software must manually copy and paste their stream key from the Twitch Dashboard into OBS. Please refer to the individual setup instructions for your software of choice for all further questions.
In a previous statement, the business claimed to have discovered that the breach was caused by a Twitch server configuration change error that exposed data to the internet.
Twitch said that as part of its ongoing investigation into the event, it was still attempting to determine the extent of the breach.
“While our investigation is ongoing, we want to address some of the concerns that this situation has raised. We currently have no evidence that login information has been made public. We’re still looking into it. Additionally, Twitch does not keep complete credit card data, so full credit card numbers were not disclosed, according to Twitch.
But specialists have listed a long list of issues that gamers tied to the gaming site, which has more than 2 million monthly broadcasters and an average of 15 million daily players.
According to Quentin Rhoads-Herrera, director of CRITICALSTART, malware writers may utilize the Twitch code that has been disclosed to infect the service’s user base by possibly identifying security holes in the application’s code.
“Now that the data has been made public, Twitch has limited options. They ought to make an effort to keep it off of sites like GitHub, BitBucket, or other well-known code/file-sharing services. However, the information is already public and will continue to be disseminated through a variety of ways, according to Rhoads-Herrera.
What they can do is assess the specifics of the theft, change any compromised user passwords, assess the risk to their IP (particularly from the information stolen from Vapor, who is allegedly intending to compete with Steam), and assess how it will affect their business as a whole. The fact that their competitors now have access to their data for free poses the biggest threat to Amazon’s Twitch. Due to this incident, Twitch may lose some of its user base and any previous user trust. The data that was disclosed, which was exclusive to their intellectual property and may be used by rivals, has the most impact.
What was published yesterday, according to the hacker who carried out the attack, was simply the first part of the material that had been taken.