On Wednesday, 6 October, an anonymous hacker posted data to infamous message board site 4chan via a 125GB torrent link. The claimed motive: 'foster[ing] more disruption and competition in the online video streaming space' due to Twitch's 'toxic' and 'disgusting' community. The data package includes (among other things) source codes, other Twitch-owned properties and creator payout reports. This information allows attackers to more easily breach the site and shows that top creators are earning more than viewers may have initially believed. The presence of encrypted user passwords is uncertain.
The release of payouts has caused particular controversy. Some claim the numbers are inaccurate, others are outraged at the amount of money a privileged few earn for playing video games. If the torrent is to be believed, some make millions on the platform, similar to YouTube and Instagram influencers. There is also the issue of creators being targeted for harassment based on not making as much as others.
Of course, given that 'all of Twitch' was leaked, there's more. Some claim that a 'do not ban' list of top-paid creators has been uncovered, as well as instructions given to moderators. The latter mostly involves definitions of objectionable content, such as what constitutes 'defamation' or 'violent content' and which games are banned from being streamed on the service.
The big question: how was Twitch hacked?
On 6 October at 10:30PM PT, Twitch released this statement:
'We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.'
YouTuber Dave Farley adds that it's important for web developers to 'understand libraries and infrastructure and what's in them.' It is also key that those developing a large, complex site like Twitch think of possible site weaknesses and utilize penetration testing to ensure their site is secure. Penetration testing is a technique in which cybersecurity professionals try to attack the site in order to find loopholes.
CyberSoc offers this advice to students who use Twitch and other online streaming services: