TECH NEWS – The live streaming site Twitch says a “bug” caused the unprecedented leak that published a massive amount of sensitive data online this week. It’s one of, if not the, most severe scandals in recent memory.
The data included internal Twitch codes and documents, as well as payments to thousands of top streamers. Twitch now claims that the breach was caused by a “server configuration change” that “exposed” some of the data. However, they have not confirmed whether all the data published online is actual. According to the Amazon-owned company, the breach “involved a Twitch server configuration change that a malicious third party later accessed. As the investigation is ongoing, a detailed understanding of the impact is still being developed,” the company said.
But while Twitch streamers and viewers alike scrambled to change passwords, the company also said:
- “for now”, there is no indication that login credentials have been compromised.
- they do not store users’ credit card details, so this kind of financial information could not be disclosed.
- resets all users’ stream keys – the unique code used by streaming software to stream to the appropriate Twitch account.
Twitch’s brief statement in the ban suggests that the company is in full crisis mode. Information technology (IT) teams and security experts are still trying to understand how serious the data leak is. The hacking was explained as some human error with a “server configuration”. In other words, someone misconfigured the computers that stored Twitch’s private data so that it could be found and downloaded by hackers.
What the company has not said is when this error occurred. Some of the stolen data dates back three years, so there’s a chance the servers have been idle for some time – or the bug only left the door open for a few days or weeks. Hackers are constantly searching and scanning available databases on the internet – but it’s even possible that someone tipped off the hackers about an internal IT blunder.
But making such mistakes can be costly – especially when it comes to a big target like Twitch. Wednesday’s leak took the form of a torrent file posted by an anonymous user on online forums. The file structure includes folders containing payment information, business documents, software files and code, and even details of unreleased projects.
And the payments folder contains what appears to be data on payments made to thousands of the platform’s biggest streamers over two years – revealing that many of the biggest brands are earning millions of dollars. Several streamers have told BBC News that the payout data is accurate for their earnings. This raises problems for the company.
“Twitch is going to suffer a lot more damage now,” said Candid Wuest of cybersecurity firm Acronis. “The breach is already causing damage to Twitch on all fronts where it matters. The expert believes that the leaked data could contain almost the entire digital footprint of Twitch, making this one of the worst data leaks in recent times”, the expert believes. “The release of payment reports from streaming clients will not make influencers happy either,” Mr Wuest added.
But an even bigger problem seems to be that the download posted online has been marked as “part one” – suggesting that more material could be published online…
Source: BBC News