By Phan Nhu Uyen Nguyen – Correspondent
An anonymous hacker posted 125 gigabytes of Twitch data to the online chat forum, 4chan, on October 6th to raise awareness about its “toxic cesspool” community.
Twitch is an American live streaming service founded in 2011. The platform becomes a lucrative business not only for streamers but even politicians use Twitch to engage with young voters in recent years. Amazon bought Twitch for $970 million in 2014.
“Jeff Bezos paid $970 million for this, we’re giving it away for free,” the anonymous hacker wrote.
The leaked data included the platform’s source code with commit history dating back to its launching in 2011 along with the source code for the mobile, desktop, and video game console Twitch clients. Twitch streamer’s financial details since August 2019 were also leaked including 81 streamers that have earned more than $1 million, with the top earner being Critical Role, a group of voice actors who stream Dungeons & Dragons, grossing nearly 10 million.
Twitch’s ‘red team’ tools, designed to improve security by having ethical hackers infiltrating Twitch’s system and code related to proprietary Software Development and internal Amazon Web Service used by Twitch were leaked as well.
Candid Wuest, vice president of Cyber Protection Research at Acronis, said the breach harmed Twitch on all fronts. The leaked data “could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late,” Wuest said.
SocialProof Security CEO, Rachel Tobac, said the leaked earning information could expose streamers to potential financial risk. “Even if the streamer payout data is incorrect or has been falsified, cybercriminals could still be more interested in targeting those streamers’ accounts because they know they are extra-confirmed, high-value targets,” Tobac said.
“Twitch streamers have always had an elevated threat model because they’re in the public eye, but leaked financial data increases their threat model even more,” she added.
Romanian-Canadian Twitch streamer, Octavian Morosan, was one of the highest-earning streamers on Twitch. Morosan shared that he does not feel overexposed by the breach because the nature of his job is to broadcast the details of his life to the world.
“It’s not the line of work where you can expect every level of privacy,” Morosan said.
“[The leak] shows the potential opportunity for streamers and that there really isn’t a ceiling for what you can do nowadays as a content creator. It’s unfortunate this leak happened, but we operate under the understanding that once something is sent, entered, or shared online, it will eventually be leaked. That’s the internet we live with,” he added.
Dale Schofield, vice president of New Jersey Institute of Technology Esports, said the leaked source code is promising for competition and innovation. “I have hopes, much like the hacker who did the leak, that all of this data will be used to fix Twitch as well as create competitors or improve existing services,” said Schofield.
The hacker labeled their post “part one,” suggesting there could be more to come. In the wake of this data breach, cybersecurity experts emphasize Cybersecurity Awareness Month and encourage users to activate two-factor authentication and update their passwords to strengthen the security of their online accounts.
*Pwned: is a derivation of the word “owned” originating in video game culture due to the proximity of the “o” and “p” keys. It implies that someone has been controlled or compromised.