This morning, an anonymous hacker released what they claim is an enormous cache of proprietary data from Twitch, the popular streaming platform, including Twitch.tv source code and streamers’ revenue information.
“Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE,” wrote the poster on 4chan. Today’s leak, which its original poster described as “extremely poggers,” is by far the biggest to ever hit Twitch, which was acquired by Amazon in 2014.
The leak, first reported by Video Games Chronicle, reportedly contains 125 GB of data. That data includes the source code for Twitch.tv; Twitch’s mobile, desktop and game console clients; proprietary SDKs; Twitch-owned properties including Vapor, Amazon’s alleged Steam competitor from Amazon Game Studios; and internal security tools. The leak does not appear to contain streamers’ or users’ personal information, but the damage appears extensive. The post is titled “twitch leaks part one,” implying that there may be more to come.
“Anytime source code gets leaked it’s not good and potentially disastrous,” says Ekram Ahmed, spokesperson at security firm Check Point. “It opens a gigantic door for evil doers to find cracks in the system, lace malware, and potentially steal sensitive information.”
The 4chan poster also referenced Twitch’s recent wave of hate raids, in which botmakers have been spamming marginalized streamers’ chats with bigoted harassment. Mentioning the #DoBetterTwitch hashtag (more commonly #TwitchDoBetter), the poster claimed that Twitch is a “disgusting cesspool.” They wrote that the leak, which appears to contain huge amounts of proprietary data, is to “foster more disruption and competition in the online video game streaming space.” Twitch has introduced several new tools to combat these hate raids, and sued two alleged hate raiders last month.
Twitch did not immediately respond to WIRED’s request for comment, but confirmed Wednesday morning that a breach had taken place. “Our teams are working with urgency to understand the extent of this,” the official Twitch account tweeted. “We will update the community as soon as additional information is available.”
“I wish I could say I’m surprised,” says Avery, a streamer who goes by Littlesiha and does not publicly share her last name for privacy reasons. “It took Twitch two months to find a way to protect marginalized creators that were getting harassed, threatened, and doxxed through chatbot raids. Security on the site feels like a joke at this point.”
While much of the data appears to be legitimate, there is some debate over the accuracy of streamers’ revenue numbers. Some streamers have tweeted that their payout numbers are accurate, while others have claimed otherwise. “It was wrong, for my number,” said popular Twitch personality Asmongold while streaming Amazon’s new video game New World this morning.
Also streaming on Twitch, Nick “NMP” Polom said “I kind of feel violated right now.” His viewers, numbering in the tens of thousands, took the leak as an opportunity to meme, donating money attached to messages like “Seems like you need this more than me. I work at McDonald’s.” (On Twitter, he wrote that he is “live right now being relentlessly SHIT ON by my community for being ‘poor.’ THANKS @twitch.”) Although many streamers have expressed deep worry over the leak, some are turning it into a joke: Top streamer Chance “Sodapoppin” Morris, who was 42nd in the streamer revenue number list, begged his viewers not to view it as real: “I swear I’m one of the richest ones on the platform,” he joked. “I make WAY more than that.” (For many top streamers, Twitch payouts are just one revenue stream among many.) Streaming on Twitch, Felix “xQc” Lengyel shouted, “I told y’all—it’s trillionaire with a fucking ‘T’!”
social experiment by Livio Acerbo #greengroundit #wired https://www.wired.com/story/devastating-twitch-hack-sends-streamers-reeling