Amazon's (NASDAQ: AMZN) streaming platform Twitch has confirmed that a recent data breach resulted in 125GB of data being posted anonymously on 4Chan for download. Twitch says that leaked information included creator earnings since 2019, the platform's entire source code, and more, but that it had "no indication" that the leak contained credit card or login information, "at this time".
However, the hacker called this leak "Part One" and suggested that more data was yet to come. According to the hacker, they accessed all of that information and "every other property that Twitch owns". Twitch has stated that it doesn't store complete credit card numbers, so that sort of information could not have been accessed.
Twitch said the hacker was able to access its data thanks to an error made during a server configuration change, meaning the hack occurred due to human error. While it's unclear how long the fault in Twitch's privacy has existed, the time range of the creator data reportedly suggests that the servers storing Twitch's private data have been vulnerable for quite some time.
According to Video Games Chronicle, which first reported the leak, the hacker said that they hoped their actions would "foster more disruption and competition in the online video streaming space", a space which the hacker called a "disgusting toxic cesspool".
While Twitch has so far denied such claims, some sources say that the leaked information did include encrypted passwords. Twitch users are being encouraged to change their passwords and to set up two-factor authentication for their accounts.
Following the breach, Twitch reset the keys that streamers use to begin their streams, "out of an abundance of caution".
Within days of the leak, Twitch underwent an unsanctioned redesign, with some images being replaced by a closely cropped photo of Jeff Bezos, Amazon's founder and former chief executive officer. The photo is reportedly meant to resemble a popular emote used on the platform, known as a "PogChamp". While the redesign hasn't been officially connected to the hack, it's unlikely to be a coincidence.
"The breach is already harming Twitch on all the fronts that count," Candid Wuest, of cyber-security company Acronis, told the BBC. "Releasing payout reports for streaming clients will not make the influencers happy either."