Twitch is the victim of a major incident. Vast amounts of confidential information found its way online, as well as source code, internal tools, and lists showing streamers' earnings. Twitch has confirmed to be a victim.
TWITCH LEAK: WHAT IS IT?
This may be the worst information leak that Twitch has ever experienced. According to elements published on the web this Wednesday, October 6, the live broadcasting platform is the victim of a colossal incident, which has resulted in the dissemination of numerous confidential information, in particular the sums collected by videographers over the past three years. .
Hours later, in an official 5 p.m. message, Twitch confirmed that a "compromise" had taken place. "Our teams are working in a rush to understand what happened," it wrote.
A gigantic file
The data of this leak is offered in a torrent file, which circulates among others on 4chan, the famous imageboard - a kind of specialized forum where everyone is anonymous - with a very sulphurous reputation. The archive in question weighs over 135 GB and is shared in specific sections of the 4chan site.
Some information was copied to the Pastebin platform in parallel (i.e. streamers' earnings), but this link was then made inactive.
Numerama was able to access these Pastebin documents, as well as some Twitter feeds and discussions on 4chan. We are in the process of verifying the veracity of this immense leak and the elements that we have seen, especially in the source code, lend credibility to the reality of the leak. We have also made contact with Twitch to confirm the reality of the incident and to obtain details, if any, on the circumstances of the leak.
According to an anonymous source who works for the company, and who indulged in VideoGamesChronicle, all of this information is real. They would have been recovered on Monday, October 4, 2021. At least one French streamer, Zerator, has confirmed the veracity of the figures circulating.
This leak could be followed by one or more others. Indeed, on one of the threads posted on 4chan, the title of the title reads "twitch leaks part one". It is not clear, however, when the next disclosure (s) will occur, or what they will contain. It is feared that the next compromises will affect Internet users with an account, or more broadly Amazon, the parent company of Twitch.
WHAT LEAKED?
All Twitch Source Code
According to the user who uploaded the archive of 135 and a few gigas, the leak today mainly concerns the software repositories of Twitch. This would therefore include the source code of the site, various mobile applications, moderation and development tools as well as all the history of the code. This would already constitute a considerable database since having access to all these tools makes it possible to detect flaws, to understand how algorithms, recommendation tools, etc.
Income from Twitch streamers
It appears that financial information has also been leaked. The revenues (over 3 years) of more than 10,000 Twitch streamers have been posted online. However, it seems unlikely that Twitch will host this kind of data on its software repositories. The leak of accounting data seems to serve more to draw attention to this large-scale leak. The idea, according to one of the officials behind the leak, also seems to put the streamers in an awkward position.
This leak allows, however, to underline a sad reality. Of the 100 highest paid streamers in the world, there are only three women.
Significant amounts of confidential Twitch-related data are now believed to be in the wild. // Source: Marco Verch
Vapor
The leak would also concern projects in development. Among them, we find traces of the Vapor project, a competitor to the Steam game store that Amazon is said to be developing.
AWS Access Codes
Finally, to make matters worse, some access codes to the AWS platform (which hosts Twitch) also appear to be available in the archive. This is very bad news for Twitch and Amazon as access to production servers opens up a lot of doors to retrieve even more data.
Passwords?
Passwords and personal information for Twitch viewers, however, do not appear to have been leaked yet. That said, this 135 GB archive is labeled as the "first part" of this Twitch leak. It is therefore possible that a second file will arrive later. It is not excluded that the latter contains the connection data of Internet users using Twitch. The platform initially uses encryption methods to keep passwords secret, even in the event of an intrusion. However, other personal information such as email address or phone number may be visible.
Other little Twitch secrets
British streamer OnScreen has noticed, while peeling a few documents from Twitch's huge leaks file, information regarding the mysterious "Golden Kappa", a cult emoticon on the platform (although completely unknown to newbies). Twitch legend had it that this emoticon was supposed to be assigned randomly, by algorithm, to one Twitch user at a time, every 24 hours. But in the leaked code, we notice that this power actually depended on a handful of Twitch employees. A world is falling apart?
WHO IS CONCERNED ?
As it stands, it's mostly the videographers who make a living on Twitch who are struggling. Indeed, their supposed gains appear in the leak and are already formatted in tables for easier research. A priori, the amounts involved are the amounts won between August 2019 and October 2021. Some tables even classify videographers according to the money received.
There are naturally many videographers from across the Atlantic to be found in these columns, such as Pokimane, Asmongold and HasanAbi, to name just three. But there are also French-speaking sizes: Zerator, kamet0, mistermv, Sardoche, Squeezie, Zoltan, Domingo, Ponce, Tonton, Lapi, etc. To put it another way, it's the whole Twitch-game that's mentioned in these documents.
Streaming celebrities, like Ninja here, see their business exposed. // Source: Capture Youtube / Ninja
One of the heavyweights of the Twitch-game in France, Zerator, split a long message on Twitter to confirm on the one hand that "the figures in the table are true", but that, moreover, it is important to contextualize and understand them: it is in no way a profit, but a turnover, which rather reflects the economic activity of a possible production company behind a streamer.
No comments:
Post a Comment