Twitch’s hacking worries aren’t over – The data leak was just “part 1”

Twitch's hacking worries aren't over - The data leak was just

Twitch’s worries are far from over

Yesterday, it was confirmed that Twitch’s security had been compromised, with over 125GB of files leaking onto the web through 4chan. This data included Twitch’s source code, the earnings of top streamers and a planned Steam-like gaming client codenamed “Vapor”.  

Twitch has acknowledged that they have been hacked and that the files released online are legitimate. However, the company has stated that there is “no indication that login credentials have been exposed”, and that “full credit card numbers are not stored by Twitch”. This means that credit card details were not exposed, though Twitch has not confirmed that hackers have not accessed login credentials. As such, we recommend that Twitch users change their passwords to ensure that their accounts, and associated accounts, are safe. 

What’s more worrying is that yesterday’s leak was labelled at “part 1”, suggesting that more of Twitch’s data may be leaked in the future. User data was not included in Twitch’s 125GB data leak, which means that Twitch’s hackers may have more problematic data to share. If yesterday’s leak was just “part 1”, Twitch’s worries are far from over. 

Currently, Twitch is actively investigating the hack, but security experts are appalled that over 100GB of data could be taken from Twitch without their security spotting it. Below is a comment from Archie Agarwal, CEO of ThreatModeller, to Threatpost. Twitch’s security team has a lot to answer for.  

    Reading of a data breach that includes the entire source code, including unreleased software, SDKs, financial reports and internal red-teaming tools will send a shudder down [the spine of] any hardened infosec professional,

This is as bad as it could possibly be.

The first question on everyone’s mind has to be: How on earth did someone exfiltrate 125GB of the most sensitive data imaginable without tripping a single alarm?” he asked. “There’s going to be some very hard questions asked internally.

Twitch's hacking worries aren't over - The data leak was just   
While Amazon/Twitch has not recommended that Twitch users change their passwords, security analysts have recommended that action. Since yesterday’s leak is said to be “part 1”, it remains to be seen how much information was leaked from Twitch. User information may be compromised, and it will take time for Twitch to assess the damage that this leak has/will cause. Twitch users may also want to enable two-factor authentication to help protect their accounts. 

you can join the discussion on Twitch getting hacked on the OC3D Forums.