Whoa, whoa, Twitch seems to have been hacked. All of it. As part of the leak:
- full source code of the project with commentary
- payout reports
- SDKs and AWS services used in the project
- other projects owned by Twitch
- Security tools (irony!)
125GB of data.
https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/
I somehow missed the point yesterday that Twitch also stole encrypted user passwords
https://reddit.com/r/Twitch/comments/q2gcq2/over_120gb_of_twitch_website_data_has_been_leaked/
So if you haven't changed your password there yet and haven't enabled 2fa, I don't understand what you're doing here at all
Over 120GB of Twitch website data has been leaked online (source code, encrypted passwords, streamer payouts, etc.)
CHANGE YOUR PASSWORDS AND ENABLE 2FA
A few hours ago, a 128GB data leak of Twitch was released online. This leak includes data such as "source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, streamer payouts, encrypted passwords, etc."
From the source tweet thread:
http://Twitch.tv got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing. Might wana change your passwords. [1]
some madlad did post streamer revenue numbers tho incase you wana know how much bank they're making before taxes [2]
Grabbed Vapor, the codename for Amazon's Steam competitor. Seems to intigrate most of Twitch's features as well as a bunch of game specific support like fortnite and pubg. Also includes some Unity code for a game called Vapeworld, which I assume is some sort of VR chat thing. [3]
Some Vapeworld assets, including some 3d emotes with specular and albedo maps I don't have whatever version of unity installed that they used, so I'm limited in what assets i can get caps of with stuff like blener and renderdoc. There's custom unity plugins in here for devs too. [4]
From VideoGamesChronicle:
The leaked Twitch data reportedly includes:
The entirety of Twitch’s source code with comment history “going back to its early beginnings”
Creator payout reports from 2019
Mobile, desktop and console Twitch clients
Proprietary SDKs and internal AWS services used by Twitch
“Every other property that Twitch owns” including IGDB and CurseForge
An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users enable two-factor authentication to be safe. [5]
UPDATE: One anonymous company source told VGC that the leaked Twitch data is legitimate, including the source code.
Internally, Twitch is aware of the breach, the source said, and it’s believed that the data was obtained as recently as Monday. [6]
From the quick research I can do, the leak data is easily discoverable. The biggest thing here that would apply to most people would be the leak of encrypted passwords. To be safe, I would recommend changing your password immediately.
The entirety of Twitch has reportedly been leaked
An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information.
The user posted a 125GB torrent link to 4chan, stating that the leak was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.
VGC has not downloaded the torrent in its entirety and is of course not linking to it but can verify its apparent legitimacy, as the information listed in the 4chan post appears to be in the torrent. This includes:
- the entirety of Twitch’s source code with comment history “going back to its early beginnings”
- creator payout reports from 2019
- mobile, desktop and console Twitch clients
- proprietary SDKs and internal AWS services used by Twitch
- “every other property that Twitch owns” including IGDB and CurseForge
- an unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
Some Twitter users have started making their way through the 125GB of information that has leaked, with one claiming that the torrent also includes encrypted passwords, and recommending that users change their passwords to be safe.
The torrent also reportedly includes Unity code for a game called Vapeworld, which appears to be chat software based on Amazon’s unreleased Twitch competitor Vapor.
The anonymous leaker has stated that this is just the first part of the content due to be leaked, but hasn’t stated what they plan to also release.
Twitch has regularly found itself under fire from creators and users who feel the site doesn’t take enough action against problematic members of the Twitch community.
Last month a group of Twitch streamers called on other channels and viewers to boycott the site for 24 hours as a response to hate raids.
On the same day as the campaign was initially announced, Twitch posted a thread on Twitter explaining that it was attempting to stop hate raids but that it was not “a simple fix”.
“No one should have to experience malicious and hateful attacks based on who they are or what they stand for,” it stated. “This is not the community we want on Twitch, and we want you to know we are working hard to make Twitch a safer place for creators.
“Hate spam attacks are the result of highly motivated bad actors, and do not have a simple fix. Your reports have helped us take action – we’ve been continually updating our sitewide banned word filters to help prevent variations on hateful slurs, and removing bots when identified.
“We’ve been building channel-level ban evasion detection and account improvements to combat this malicious behaviour for months. However, as we work on solutions, bad actors work in parallel to find ways around them – which is why we can’t always share details.”
Комментарии
Отправить комментарий