Hacktivists are believed to be behind the attack.
Twitch was hit by a massive data breach after an anonymous hacker published a file containing a huge amount of data that is now publicly accessible.
Twitch, an Amazon video streaming service, confirmed the data leak in a tweet:
“We can confirm that a violation has taken place. Our teams are working flat out to understand the extent of this. We will update the community as additional information becomes available. Thank you for accompanying us.”
– Twitch (@Twitch) October 6, 2021
According to CNBC, the Twitch data leak included details of payments to content creators and an unreleased product from Amazon Game Studios. The anonymous hacker said they were releasing the information to “encourage more disruption and competition” in the streaming world. In addition, the hacker described the Twitch community in a post on 4chan as a “disgusting poisonous cesspool”.
Unknown impact on regular Twitch users
Jarno Niemela is a senior researcher at F-Secure. He said the leak was “very serious” for Twitch. However, the question that remains is how regular Twitch users will be affected.
“With password hashes leaked, all users should obviously change their passwords and use two-factor authentication (2FA) if they aren’t already,” he said. “But since the attacker has stated that they have not yet released all of the information they have available, anyone who has been a Twitch user should review all of the information they have given to Twitch and see if there are any precautionary measures they must take to ensure further private information will not be leaked.”
Users should always be careful about what kind of information they are providing to a social media platform, said Niemela.
Hacktivist likely behind attack
Marcus Fowler is the Director of Strategic Threat at Darktrace. He said the attacker appears to be a hacktivist working to harm Twitch for failing to crack down on hatred.
“This breach follows the mid-September hacking attack against web hosting company Epik, known for serving right-wing websites, and continues the emerging trend of malicious actors acting in accordance with their perceived ethical codes or social responsibility,” he said.
Ongoing speculation suggests this breach was carried out through a third-party provider to Twitch, Fowler said. This is a reminder to companies that they are only as secure as their supply chain.
“In this case, as with so many cyberattacks, the impact on Twitch is likely to be huge, both reputationally and financially,” he said. “The leak of the Creator payloads would have been relatively easy, albeit time-consuming, to calculate manually before the leak. But putting these together in one place has provided scammers with an extensive target list of high net worth individuals and organizations.”
Difficult questions come up
Archie Agarwal is the founder and CEO of ThreatModeler, a provider of automated threat modeling.
“Reading about a data breach that includes all of its source code, including unreleased software, SDKs, financial reports, and internal red teaming tools, will make any seasoned infosec professional shiver,” he said. “This is as bad as it could be. The first question everyone asks has to be, how on earth did anyone filter out 125 gigabytes of the most sensitive data imaginable without setting off a single alarm? Some very difficult questions are asked internally.”
At first glance, this appears to be a direct attack on Twitch and not on its users, Agarwal said. However, it is almost guaranteed that user information was taken in this breach. Therefore, users must take the usual precautions: change their account credentials and ensure that they are not using the same combination of credentials to access other services online.
Data now available to Twitch competitors
Quentin Rhoads-Herrera is Director of Professional Services at CriticalStart.
“Now that the data is out, there’s not much that Twitch can do,” he said. “You should try to prevent it from being deployed on platforms like GitHub, BitBucket, or other popular code/file sharing platforms. But the data is already out there and is forever being shared across many different channels. They can take a close look at what has been stolen, reset compromised user passwords, and determine the risk to their intellectual property and how it affects their business as a whole. The greatest risk for Amazon’s Twitch is the data that is now freely available to competitors.”
Twitch could lose some users and lose trust, Rhoads-Herrera said. The biggest impact comes from the leaked data, which is unique to its intellectual property and could be exploited by competitors.