Twitch hack may have just exposed more than personal data

The Twitch hack not only exposed the gaming platform's source code but also earnings of its top livestream broadcasters.
7 October 2021 | 1 Shares

(Photo by Lionel BONAVENTURE / AFP)

The recent Twitch hack may have just caused more problems than just exposing personal data. The Amazon-owned video game streaming platform had critical data leaked on the social media platform 4Chan.

Some of the data exposed included Twitch’s source code, a spreadsheet detailing earnings for the platform’s top gamers, and Amazon Game Studios product under development and the entirety steaming history of Twitch.tv.

According to reports, the listing of Twitch’s top earners shows gross earnings reaching US$9.6 million for the platform’s top account, CriticalRole. The account generated an average of US$370,000 a year. The list also detailed at least 80 accounts collected more than US$1 million since 2019.

Twitch has since confirmed the breach and said they are “working with urgency to understand the extent of this” and will update the community as soon as additional information is available. Bloomberg reported that the hacker said the purpose of the leak was to “foster more disruption and competition in the online video streaming space,” which he described as a “disgusting toxic cesspool.”

For Twitch, this may be the more concerning news. Users on the thread have applauded the Twitch hack, which some feel may have been a vigilante exercise in exposing the pay of top earners. In fact, the leak had also spawned a site – TwitchEarnings.com – for users to scan through the data and search thousands of Twitch handles by name.

As the leading broadcaster of video gameplay, Twitch has an average of 15 million daily users. While the data exposed was only 128GB, the content of the data is significant enough to cause some friction among users of the platform.

Many users have criticized the platform for not doing enough to handle hate raids, which occurs when attackers of bots bombard Livestream chat boxes with homophobic, racist, or sexist content. Some users even boycotted the platform who the company’s lack of response to these hate raids.

The Twitch hack is not the first cyber hack targeting a gaming platform. Several months ago, premier game developer Electronic Arts was hacked with attackers claiming to have downloaded the source code for games such as FIFA 21. Polish game developer, CD Projekt SA also suffered a hack earlier this year, with attackers claiming to auction the source code for games on the dark web.

Candid Wuest, Acronis VP of Cyber Protection Research believed that hack could still be much worse, as there is a lot more damage now in store for Twitch.

“While it is yet unclear how the breach happened, it’s already harming Twitch on all the fronts that count – revenue, operations, users, influencers, market positioning. Leaked data could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late. The 125 GB of data leaked so far might just be the start, according to the comments of the attacker.”

Wuest added that internal network plans and marketing plans for future products could now be misused by attackers or sold to competitors.

“If the source code is exposed, we will see a spike in vulnerabilities discovered in related software. Having access to the source code makes it easy to find weak spots,” said Wuest. Releasing payout reports for streaming clients will not make the influencers happy either, especially with dozens of Twitch streamers who seem to have been paid over US$1 million each overtime. For the users, an immediate password change & enabling of two-factor authentication are a must.”