Twitch source code, creator earnings exposed in 125GB leak

Front page layout
Site theme
Sign up or login to join the discussions!

Live video broadcasting service Twitch has been hit by a massive hack that exposed 125GB of the company’s data. In a 4chan thread posted (and removed) Wednesday, an anonymous user shared a torrent file of the data dump. The dump contains the company’s source code and details of money earned by Twitch creators.

The hacker wrote that the purpose of the leak was to cause disruption and promote competition among video streaming platforms. The hacker further said that Twitch’s “community is a disgusting, toxic cesspool.”
Twitch has admitted to the breach but has not responded to Ars’ questions. It appears that even Twitch isn’t aware of the full extent of the breach, as the company is still working out the details:
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
Update: In an advisory posted yesterday at 10:30 pm PT, Twitch has blamed the data exposure on a “server configuration change that was subsequently accessed by a malicious third party.” As the investigation continues into assessing the full impact, Twitch states at this time there is no evidence to indicate that login credentials were leaked. Additionally, Twitch does not store full credit card numbers and as such confirms these were not, and could not have been exposed.
The same thread on 4chan also claimed to expose “creator payout reports from 2019 until now. Find out how much your favorite streamer is really making!”
Notably, the 125GB archive is titled “Part One,” alluding to the possibility of future leaks.
A small subset of data seen by Ars shows the earnings of the top 10,000 Twitch users next to their usernames. An updated list was posted by game creator Sinoc, and a Twitter user who analyzed the dump posted a detailed breakdown of the payouts:
The gross payouts of the top 100 highest-paid Twitch streamers from August 2019 until October 2021:
An anonymous Twitch source confirmed to Video Games Chronicle that the leaked data, including Twitch’s source code, is legitimate. According to the company source, the data was obtained as recently as Monday.
The 4chan poster claims the leaked data dump contains:
The dump also reportedly contains Unity source code for a game called “Vapeworld.”
Portions of the leaked archive are vast and contain large ZIPs, and it may be days before the complete extent of the breach is understood:
Some Twitter users also claimed to see encrypted passwords present in the dump and are urging Twitch users to enable two-factor authentication and change passwords as a safeguard.

Interestingly, NBC’s tech investigations reporter Olivia Solon says that all of Amazon’s warehouse systems were hit by a network disruption last night, although the company won’t confirm if this event was connected to the Twitch hack.
According to Solon:
Amazon warehouse workers across the US were unable to work for at least two hours last night because their internal software crashed and none of their scanners would work.
All Amazon will say is that it was a “network disruption that was quickly resolved.”
Amazon’s 2014 acquisition of Twitch maintained that the entity would operate “independently” from Amazon. As such, whether Twitch runs its own server stack or uses Amazon’s rack space isn’t clear.
You must to comment.
Join the Ars Orbital Transmission mailing list to get weekly updates delivered to your inbox.
CNMN Collection
WIRED Media Group
© 2021 Condé Nast. All rights reserved. Use of and/or registration on any portion of this site constitutes acceptance of our User Agreement (updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1/20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn compensation on sales from links on this site. Read our affiliate link policy.
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast.
Ad Choices

Tech Consultant Chris Hood and Business Strategist.

Leave a Reply

Your email address will not be published. Required fields are marked *