Twitch source code, passwords, SDKs, and more made publically available in major leak
Earlier this week saw Facebook, Whatsapp, and Instagram all go down in a supposed hacking incident. However, that wasn't the only major thing to happen this Monday; apparently, Twitch was hacked, with an anonymous source posting a 125GB torrent onto 4chan today that contained user data and other sensitive information from the website. Reportedly, this data dump contains a wide variety of different things, such as the source code for Twitch, private SDKs, information about payouts that live streamers receive, clients for various platforms that Twitch is available on, and even data pertaining to other websites that Twitch owns such as IGDB and CurseForge.
Beyond that, there also appears to be an unreleased PC storefront for digital games, with the codename of Vapor, intended to compete against Steam and the Epic Games Store. As for the leaked passwords, they are reportedly encrypted. Regardless, it would be wise to change your password, or even turn on two-factor authentication for Twitch if you haven't already.
According to news outlet VGC, who broke the initial story, the following is in the torrent:
- The entirety of Twitch’s source code with comment history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
According to the 4chan post, the hacker uploaded the leak in order to cause disruption and competition for Twitch, as they find the community to be toxic. While nothing else has been uploaded quite yet, the user claims that they will be leaking even more files soon in the future.