Friday, October 15, 2021

AMAZON OWNED
Twitch downplays this month's hack, says it had minimal impact
By Sergiu Gatlan
October 15, 2021



In an update regarding this month's security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users.

"We've undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly," Twitch said.


The company also stated that no login credentials or full credit card numbers/payment data belonging to users or streamers were exposed following last week's massive data leak.

"Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information," Twitch added.

Data exposed in the incident and leaked on the 4chan imageboard primarily contained documents from Twitch's source code repository and a subset of creator payout data.

As explained in previous updates issued after the attack, the attackers could gain access to data due to a faulty server configuration change that exposed it to the Internet.



125 GB of source code and payment reports stolen

Although Twitch hasn't revealed what servers were misconfigured, the unknown individual behind the leak said the data was allegedly stolen from roughly 6,000 internal Twitch Git repositories.

"Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories," the anonymous poster said.

Image: BleepingComputer

According to the 4chan user, the archive leaked on the imageboard contained the following Twitch info:
The entirety of twitch.tv, with commit history going back to its early beginnings
Mobile, desktop, and video game console Twitch clients
Various proprietary SDKs and internal AWS services used by Twitch
Every other property that Twitch owns, including IGDB and CurseForge
An unreleased Steam competitor from Amazon Game Studios
Twitch SOC internal red teaming tools (lol)
Creator payout reports from 2019 until now.

The 4chan thread was named "twitch leaks part one," which hints at additional stolen data likely to be leaked in the future.

Related Articles:

Twitch: No credentials or card numbers exposed in data breach

Massive Twitch hack: Source code and payment reports leaked

Accenture confirms data breach after August ransomware attack

Acer confirms breach of after-sales service systems in India

T-Mobile says hackers stole records belonging to 48.6 million individuals


No comments:

Post a Comment