CyberSoc on the Twitch data breach

Our Head of Current Affairs takes a look at the Twitch data breach...

Elizabeth Meade
4th November 2021
Credit: Twitch via Twitter

Twitch.tv is a ubiquitous site used by many students to stream and enjoy diverse content, especially gaming and e-sports. However, a recent data breach has made many question what they thought they knew about the popular platform. Newcastle University's Cyber Society--dedicated to education about cybersecurity techniques and personal safety online--takes a look at what it all means.

On Wednesday, 6 October, an anonymous hacker posted data to infamous message board site 4chan via a 125GB torrent link. The claimed motive: 'foster[ing] more disruption and competition in the online video streaming space' due to Twitch's 'toxic' and 'disgusting' community. The data package includes (among other things) source codes, other Twitch-owned properties and creator payout reports. This information allows attackers to more easily breach the site and shows that top creators are earning more than viewers may have initially believed. The presence of encrypted user passwords is uncertain.

The release of payouts has caused particular controversy. Some claim the numbers are inaccurate, others are outraged at the amount of money a privileged few earn for playing video games. If the torrent is to be believed, some make millions on the platform, similar to YouTube and Instagram influencers. There is also the issue of creators being targeted for harassment based on not making as much as others.

Of course, given that 'all of Twitch' was leaked, there's more. Some claim that a 'do not ban' list of top-paid creators has been uncovered, as well as instructions given to moderators. The latter mostly involves definitions of objectionable content, such as what constitutes 'defamation' or 'violent content' and which games are banned from being streamed on the service.

The big question: how was Twitch hacked?

On 6 October at 10:30PM PT, Twitch released this statement:

'We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.'

YouTuber Dave Farley adds that it's important for web developers to 'understand libraries and infrastructure and what's in them.' It is also key that those developing a large, complex site like Twitch think of possible site weaknesses and utilize penetration testing to ensure their site is secure. Penetration testing is a technique in which cybersecurity professionals try to attack the site in order to find loopholes.

CyberSoc offers this advice to students who use Twitch and other online streaming services:

  • Change your password, ensuring you include numbers, symbols and both upper and lowercase characters.
  • Be aware of the rules that sites like Twitch have for content (e.g. games that may be banned due to violence).
  • Don't enter sensitive information into sites that seem untrustworthy or are known to be insecure.
AUTHOR: Elizabeth Meade
(she/her) 4th year Chem student. Former Head of Current Affairs and Former Science Sub-Editor. Avid reader. Chaos theorist. Amateur batrachologist and historian. Rock fan. Likes cybersecurity and cooking. Wrote the first article for Puzzles. Probably the first Courier writer to have work featured in one of Justin Whang's videos.

Leave a Reply

Your email address will not be published. Required fields are marked *

ReLated Articles
magnifiercross
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram
Copy link
Powered by Social Snap