Security Market Segment LS
Thursday, 07 October 2021 00:19

Massive data breach at Twitch.tv Featured

By

Reports are emerging of a breach at Twitch.tv that suggest hackers captured EVERYTHING right up until Monday, perhaps Tuesday (US time) this week.

‘Everything’ was described by one Twitter user as “Like, the entire website; Source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.” They added unironically, “Might wana change your passwords.”

Might indeed.

Initially Twitch affiliated users were sceptical (on Twitter) as an initial payment database suggested some very generous payouts, but later data had multiple users confirming the data was a very close match to their own records.

According to HaveIBeenPwned’s Troy Hunt on Twitter, “The general consensus from the masses is "it's legit", but I'm yet to see any analysis yet. The torrent is being shared pretty extensively, it contains 278 files totalling 125GB *compressed* so it's sizeable.” Troy lists the alleged contents of the torrent here.

At the time of writing, there is nothing on the company web site to warn users of this issue.


For the uninitiated (this writer included, we had to talk to a nearby teenager), Twitch offers a real-time streaming service where (for instance) gamers can live-stream game-play to an audience of paid subscribers. Think of it as a live version of YouTube dedicated to noobs watching great players cruise though really difficult games (I -mostly- exaggerate).

Unconfirmed suggestions are that there was a connection to current Twitch data repositories in an uncontrolled link extracted from a GitHub repository.

Jarno Niemela, Principal Researcher, F-Secure notes, "This leak is very serious for Twitch, but the question is what effects this will have for the regular Twitch user.

"From what we currently know, is that as password hashes have leaked, all users should obviously change their passwords, and use 2FA if they are not doing so already.

"But as the attacker indicated that they have not yet released all the information they have, anyone who has been a Twitch user should review all information they have given to Twitch, and see if there are any precautions they need to make so that further private information isn’t leaked."

The following is speculation.

We don’t yet know the extent of the breach, but we do know that Twitch has extensive dox for all their affiliates. The release of that information could be very ‘interesting.’ Further, ALL affiliates ought to be awake to all manner of phishing and similar contacts in the future.

This is not speculation: Hint to all Twitch-connected people; whether content producers or consumers – change your password NOW. And if you haven’t invoked 2FA, do so immediately.

 

Read 2296 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

GET READY FOR XCONF AUSTRALIA 2022

Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.


Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event

GET YOUR TICKET!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments