Twitch reveals how it was hacked

Twitch has responded to yesterday’s massive leak that exposed the service’s source code, high-profile streamers’ earnings, and a lot more. The Amazon-owned site has blamed the incident on “a malicious third party,” and confirmed it resulted from an error in a server configuration change.

A 4Chan user posted the 125GB torrent link early Tuesday, saying it was to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool.” They also included the #DoBetterTwitch hashtag used by female and minority streamers who have been subject to bot-filled hate raids, which led to a group of streamers calling for a 24-hour boycott of the service.

The leak, said to be “part one,” included source code for Twitch and its services, comment history going back to 2019, clients, proprietary SDKs and internal AWS services, internal ‘red teaming’ tools, a VR chat game, and an unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios.

Popular streamer Kaitlyn “Amouranth” Siragusa earned $1.3 million from Twitch between August 2019 and October 2021

Twitch has now responded to the incident. “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident,” reads the company’s statement, which you can read in its entirety below.

There were reports that the leak included encrypted passwords, and some recommended users change their logins while also enabling two-factor authentication and resetting their stream keys. The company says it has now reset all stream keys ‘out of an abundance of caution.’

Twitch says that there is no indication login credentials have been exposed. Additionally, full credit card numbers were safe as they are not stored by Twitch.

Part of the leak revealed the millions of dollars earned by the top streamers on Twitch. Popular Canadian streamer Félix Lengyel, better known as xQcOW, made almost $8.5 million between August 2019 and October 2021—and that’s just from Twitch; it doesn’t include sponsorships.

But some of those who made the high-earners list are wondering why people seem so surprised by how much they make. “The strangest thing about people being shocked to learn how much certain Twitch streamers have earned is that the information has always been publicly available,” wrote Alanah Pearce.

Twitch’s full statement:

We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.

As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.

At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.

Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.