In an update regarding this month’s security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users.
“We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” Twitch said.
The company also stated that no login credentials or full credit card numbers/payment data belonging to users or streamers were exposed following last week’s massive data leak.
“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch added.
Data exposed in the incident and leaked on the 4chan imageboard primarily contained documents from Twitch’s source code repository and a subset of creator payout data.
As explained in previous updates issued after the attack, the attackers could gain access to data due to a faulty server configuration change that exposed it to the Internet.
We have an update for the community regarding last week’s security incident. Please visit the Twitch blog for more information https://t.co/DatpHD4Bja
— Twitch (@Twitch) October 15, 2021
125 GB of source code and payment reports stolen
Although Twitch hasn’t revealed what servers were misconfigured, the unknown individual behind the leak said the data was allegedly stolen from roughly 6,000 internal Twitch Git repositories.
“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the anonymous poster said.
According to the 4chan user, the archive leaked on the imageboard contained the following Twitch info:
- The entirety of twitch.tv, with commit history going back to its early beginnings
- Mobile, desktop, and video game console Twitch clients
- Various proprietary SDKs and internal AWS services…