Twitch, an esports live streaming platform owned by Amazon.com, blamed an error in the server configuration change that could have allowed a suspected hacker to leak sensitive information.
The video platform said it is still evaluating the impact and has reset all flow keys, or codes that allow influencers and streamers to log in and post content for users.
Video Games Chronicle previously reported that an anonymous hacker claimed to have leaked Twitch data, including source code and information about its customers and unreleased games.
Earlier this week, Facebook blamed a faulty configuration change during routine maintenance work on its data center networks for the nearly six-hour outage, which left 3.5 billion users out of the way. company to access its social media and messaging services.
The social media giant later confirmed that the error was not due to malicious activity.
“Facebook has essentially withdrawn from the Internet, but has not lost sensitive information. For Twitch, it was just bad luck, ”said Candid Wuest, Head of Cyber Protection Research at Acronis.
A configuration change, which essentially means a change in routine maintenance of an IT infrastructure consisting of turning a network drive on or off or renaming it, may have allowed a third party to access Twitch data. , said Wuest.
Twitch, a popular platform among video gamers where they interact with users while streaming live content, said there was no indication of any exposure of user login information. The platform also added that it does not store full credit card details.
The motive of the Twitch hacker was to foster more disruption and competition in the online video streaming space, according to the Video Games Chronicle report.
Around 125GB of data has been leaked, including details of Twitch’s highest-paid video game streamers since 2019, such as a $ 9.6 million payout to popular game voice actors Dungeons & Dragons and 8 , $ 4 million to Canadian streamer xQcOW, according to the report.
“The Twitch leak is real. Includes a significant amount of personal data, ”tweeted Kevin Beaumont, cybersecurity expert.
Twitch, with more than 30 million daily visitors on average, has become increasingly popular with musicians and video players.
“Every time the source code is leaked, it’s bad and potentially disastrous. This opens a huge door for criminals to find loopholes in the system, create malware and potentially steal sensitive information, ”said Sundar Balasubramanian, managing director of Check Point Software Technologies, India and SAARC.
For October Cyber Security Awareness Month, Check Point Research documented a 40% increase in cyber attacks this year, compared to 2020.
Candid Wuest, Acronis vice president for cyber protection research, said: “Could be a lot worse – a lot more damage is now in store for Twitch. While it’s not yet clear how the breach came about, it’s already hurting Twitch on every front that matters – revenue, operations, users, influencers, market positioning.
The data breach could contain almost all of Twitch’s digital footprint, making it one of the most serious data breaches in recent times. The 125GB of data leaked so far might just be just the start. Internal network plans and marketing plans for future products could now be misused by attackers or sold to competitors.
“If the source code is exposed, we will see a spike in vulnerabilities discovered in related software. Having access to the source code makes it easy to find weak points. “
“Publishing payment reports for streaming customers isn’t going to please influencers either – dozens of Twitch streamers appear to have been paid over $ 1 million each over time. For users, an immediate password change and enabling two-factor authentication is a must, ”Candid Wuest said in a statement.