Twitch is not having a good time lately. On top of battling bots engaging in hate-raids spamming chats with horrible things, it appears they've also suffered a massive data breach.
First reported (as far as we can tell) by VGC, who have since had it confirmed that it's legitimate, this is a massive blow to Twitch and really shines a light on their security for such a thing to happen. Even though there's no indication yet that it includes login details, you may want to be extra careful and go change your Twitch password.
As for what it contains it includes:
- Twitch source code with repository commit history "going back to its early beginnings"
- Mobile, desktop and video game console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- "Every other property that Twitch owns" including IGDB and CurseForge
- An apparent planned competitor to Steam named "Vapor"
- Streamer payout reports showing some receiving massive payouts
- Twitch security tools
This leak is apparently only part one, so there may be more to come yet. From what the leaker said they called the Twitch community a "disgusting toxic cesspool" and so they wanted to "foster more disruption and competition in the online video streaming space".
Ouch.
Update - Twitch has now confirmed on Twitter that it's real:
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
QuoteAn apparent planned competitor to Steam named "Vapor"An apparent planned competitor to Steam named "Steam" lol
Last edited by buckysrevenge on 6 October 2021 at 3:48 pm UTC
Quoting: dxmn2FA exists for a reason, if your account gets compromised because of this then it'd be wise to enable it. If you already have it for your Steam account (for trading, etc), why not enable it for all your other private accounts?Just tried to (it was one of the few services I use where I didn't have that yet) - it won't accept any confirmation numbers sent to me via SMS. Their system is thoroughly borked.
One can only hope they'll fix it in the coming days.
I changed my password, of course, but still.
Quoting: BielFPsQuoteAn apparent planned competitor to Steam named "Vapor"An apparent planned competitor to Steam named "Steam" lol
I'm guessing those plans went up in smoke.
See more from me