Twitch data breach – hackers release source code, contributor payouts, and unannounced software

The online news site VGC was the first to report that Twitch has suffered a massive data breach. A hacker has posted a 125GB torrent link to 4chan on Wednesday 6th October 2021.

Some users have started to look at the 125GB of information that has leaked, and reports so far confirm that the information is correct about their accounts, including what they have earned down to the last penny. Fortnite streamer BBG Calc told BBC News: “The earnings list got my figure 100% correct.”

According to VGC the leaked data includes :-

• The entirety of Twitch’s source code with comment history “going back to its early beginnings”
• Creator payout reports from 2019 (3 years worth in total)
• Mobile, desktop and console Twitch clients
• Proprietary SDKs and internal AWS services used by Twitch
• “Every other property that Twitch owns” including IGDB and CurseForge
• An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
• Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

At the time of publication the UK’s Information Commissioner’s Office said it had not been notified of any data breach by Twitch or Amazon.

The leak is labelled as “part one,” suggesting there could be more to come. Video Games Chronicle reports that Twitch is aware of the breach, but the company has not yet informed its userbase.

If you are a user of Twitch we recommend you change your password as soon as possible.

Twitch have now confirmed this data breach in a Tweet

We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.

— Twitch (@Twitch) October 6, 2021