Twitch downplays this month’s hack, says it had minimal affect



In an replace concerning this month’s safety incident, Twitch downplayed the breach saying that it had minimal affect and solely affected a small variety of customers.
“We have undergone a radical overview of the knowledge included within the information uncovered and are assured that it solely affected a small fraction of customers and the client affect is minimal. We’re contacting those that have been impacted instantly,” Twitch mentioned.
The corporate additionally said that no login credentials or full bank card numbers/cost knowledge belonging to customers or streamers had been uncovered following final week’s huge knowledge leak.
“Twitch passwords haven’t been uncovered. We’re additionally assured that programs that retailer Twitch login credentials, that are hashed with bcrypt, weren’t accessed, nor had been full bank card numbers or ACH / financial institution info,” Twitch added.
Information uncovered within the incident and leaked on the 4chan imageboard primarily contained paperwork from Twitch’s supply code repository and a subset of creator payout knowledge.
As defined in earlier updates issued after the assault, the attackers may achieve entry to knowledge because of a defective server configuration change that uncovered it to the Web.

We have now an replace for the group concerning final week’s safety incident. Please go to the Twitch weblog for extra info
— Twitch (@Twitch) October 15, 2021
125 GB of supply code and cost stories stolen
Though Twitch hasn’t revealed what servers had been misconfigured, the unknown particular person behind the leak mentioned the info was allegedly stolen from roughly 6,000 inner Twitch Git repositories.
“Their group can also be a disgusting poisonous cesspool, so to foster extra disruption and competitors within the on-line video streaming house, now we have utterly pwned them, and partly one, are releasing the supply code from virtually 6,000 inner Git repositories,” the nameless poster mentioned.

Picture: BleepingComputer
In response to the 4chan consumer, the archive leaked on the imageboard contained the next Twitch data:
Everything of twitch.television, with commit historical past going again to its early beginnings
Cellular, desktop, and online game console Twitch shoppers
Numerous proprietary SDKs and inner AWS companies utilized by Twitch
Each different property that Twitch owns, together with IGDB and CurseForge
An unreleased Steam competitor from Amazon Recreation Studios
Twitch SOC inner pink teaming instruments (lol)
Creator payout stories from 2019 till now.
The 4chan thread was named “twitch leaks half one,” which hints at further stolen knowledge prone to be leaked sooner or later.