Amazon’s video live streaming service Twitch, which focuses on streaming live video games, has suffered a data leak. As a result, 125 gigabytes of the most sensitive data including the entire source code, SDKs, financial reports and internal red-teaming tools have been posted to 4chan, an anonymous imageboard website.
According to Channel Future, a media and events platform, a hacktivist claimed responsibility for the leak maintaining that they have released the information to “foster more disruption and competition” in the streaming world. Twitch has confirmed the breach and tweeted that they are working with urgency to understand its full extent.
As F-Secure’s Jarno Niemela on Channel Future explains, it’s too early to say what the actual impact of the attack on users will be as the attacker indicated that they have not yet released all the information they have. Given the possibility that password hashes are also getting out into the public domain, all Twitch users should instantly change their passwords and use two-factor authentication if they aren’t doing so already.
Another reason for the attack may have been to punish the platform for failing to take action against hate. As Marcus Fowler of Darktrace has pointed out, the Twitch data leak has happened following a similar one against web-hosting company Epik, known for serving right-wing websites. He also added that what we know about the leak suggests that it came from one of Twitch’s third-party providers – another incident supporting the adage that the security of a company is only as strong as the weakest link in its supply chain.
But users’ data loss is not the only problem. Twitch’s confidential data got also out and may end up on popular file-sharing platforms, where the company’s competitors can also access it and turn it to their advantage.