As reported by VGC, An anonymous hacker has apparently managed to leak the entirety of Twitch, including its source code and information regarding user payout data.
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing. Might wana change your passwords.
This news has come in the form of a post on the notorious message board 4Chan where a user posted a torrent link for 128GB worth of internal Twitch data including:
The entirety of Twitch.tv including comment history
The mobile, desktop and video game console Twitch clients
Various proprietary SDKs and internal AWS services used by Twitch
Additional properties owned by Twitch including IGDB and CurseForge
An unreleased Steam competitor from Amazon Game Studios
Twitch SOC internal red teaming tools
Creator pay-out reports from 2019 onward
Yikes. Twitter users that have downloaded the data have also claimed that it includes encrypted user passwords and though we can’t verify this for certain, it might be worth changing your password or adding two-factor authentication to your account if you haven’t done so already. Another interesting feature of the data is the presence of Unity code for a game called Vapeworld. From what we can tell, this appears to be a chat software based on Vapor, the code name for Amazon’s unreleased Steam competitor.
According to the original poster, who may have attained the data as early as Monday, the intention of this leak was to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool” but we’re not convinced that leaking people’s private information is the ideal way to go about this. Either way, it’ll be interesting to see how Twitch responds to this in the coming days, if they choose to publish a public response to the hacker at all. For now, we imagine it’s going to be a pretty rough week at Twitch HQ.
UPDATE: One anonymous company source told VGC that the leaked Twitch data is legitimate, including the source code.
Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday.