An anonymous hacker claims to have accessed the “entirety of Twitch,” including the website’s source code, encrypted user login information, and the payout information of the platform’s top streamers. The hack also affects parent company Amazon’s other properties, such as IGDB and CurseForge, and data relating to Amazon’s unreleased competitor to Steam known as “Vapor,” among other data.
Originally posted on 4chan’s technology board, the anonymous hacker states that the Twitch hack is “part one” of a series of leaks that will release via Torrent. Furthermore, they state that the main reason behind the hack was in order to “foster more disruption and competition in the online video streaming space” because the “community is also a disgusting toxic cesspool,” ending the post with the #DoBetterTwitch hashtag. Whether or not the hack is actually intended as a criticism of the massive IT conglomerate is yet to be seen.
Below is a list of the information leaked in the 125 GB hack:
- The entirety of twitch.tv, with commit history going back to its early beginnings
- Mobile, Desktop, and Console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- Every other property that Twitch owns including IGDB and CurseForge
- An unreleased Steam competitor from Amazon Game Studios (Vapor)
- Twitch SOC internal red teaming tools (a practice where internal teams act as possible hackers in order to find security vulnerabilities)
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.
Might wana change your passwords.
— Sinoc (@Sinoc229) October 6, 2021
According to VGC, an anonymous company source has already confirmed the legitimacy of the leaked data.
While Twitch has yet to issue a statement on the hack (see below), users are recommended to change their passwords and turn on two-factor authorization in order to prevent account takeovers. Additionally, the leaked data reveals the payout numbers for some of the highest-earning Twitch streamers going back to 2019.
Notably, users found code for an unreleased competitor client to Steam codenamed “Vapor” within the data, as well as an unreleased Unity game called Vapeworld. Vapor, on the other hand, looks to integrate many of Twitch’s existing features into a single game store.
Twitch has responded to the breach saying it is aware and investigating the extent and scope of the issue.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
A breach of this scale on one of the biggest streaming platforms is expected to have massive repercussions in the coming days and weeks.