Twitch source code, passwords, SDKs, and more made publicly available in major leak

Earlier this week saw Facebook, WhatsApp, and Instagram all go down in a supposed hacking incident. However, that wasn't the only major thing to happen this Monday; apparently, Twitch was hacked, with an anonymous source posting a 125GB torrent onto 4chan today that contained user data and other sensitive information from the website. Reportedly, this data dump contains a wide variety of different things, such as the source code for Twitch, private SDKs, information about payouts that live streamers receive, clients for various platforms that Twitch is available on, and even data pertaining to other websites that Twitch owns such as IGDB and CurseForge.

Beyond that, there also appears to be an unreleased PC storefront for digital games, with the codename of Vapor, intended to compete against Steam and the Epic Games Store. As for the leaked passwords, they are reportedly encrypted. Regardless, it would be wise to change your password, or even turn on two-factor authentication for Twitch if you haven't already.

According to news outlet VGC, who broke the initial story, the following is in the torrent:

  • The entirety of Twitch’s source code with comment history “going back to its early beginnings”
  • Creator payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

According to the 4chan post, the hacker uploaded the leak in order to cause disruption and competition for Twitch, as they find the community to be toxic. While nothing else has been uploaded yet, the user claims that they will be leaking even more files in the future.


FAST6191

Is there even a way to enable 2 factor authentication without a phone? :blink:
Even if they don't allow anything other than phone you can probably get some SMS to email service.
Whether it and your email provider work fast enough to get in before any timeouts is a different matter.

Most however would probably say if it really matters to you then just get someone's old phone for a pittance and a pay as you go/prepaid (whatever the thing is where you pay for credit to use a phone and it sits there until you use it/for a year when it times out) to be used solely for that. Indeed anybody that actually cares about security probably already has a dedicated 2fa/password reset challenge phone over any main ones they have which they can lose, have someone actually know the number for to then clone (see many takeovers of high profile accounts -- usually a matter of tricking the phone company into redirecting the number to a new sim and most of those are better but by no means good), have someone watch the unlock code over the shoulder for or similar.
 

The Catboy

I am glad I didn’t use the same password or email on Twitch as I do other services. But now upset because my banking details were attached to my account :/
Edit: looks like that’s not part of the leak, but I am going to see if I can remove my banking details or replace them with something temporary.
 

Thulinma

I asked myself the same thing about twitter...
Github allows for mail at least...

EDIT:
Wait... my epic double posts are no longer merged ?
Y ?
Yes, you can. They require an authenticator application, but it is not required to run that on a phone. There are desktop authenticator implementations; they are generic and all compatible with each other.
 

Sonic Angel Knight

Even if they don't allow anything other than phone you can probably get some SMS to email service.
Whether it and your email provider work fast enough to get in before any timeouts is a different matter.

Most however would probably say if it really matters to you then just get someone's old phone for a pittance and a pay as you go/prepaid (whatever the thing is where you pay for credit to use a phone and it sits there until you use it/for a year when it times out) to be used solely for that. Indeed anybody that actually cares about security probably already has a dedicated 2fa/password reset challenge phone over any main ones they have which they can lose, have someone actually know the number for to then clone (see many takeovers of high profile accounts -- usually a matter of tricking the phone company into redirecting the number to a new sim and most of those are better but by no means good), have someone watch the unlock code over the shoulder for or similar.
I don't know, it just seems a bit much. I understand the security, but I mean other things have done something similar. Like using a backup email for verification if you need to. Which makes sense since you basically may need various emails for different devices.

Microsoft/Hotmail email for Windows
Gmail for android (I have Nvidia shield android, not phone)
 

Deleted member 570073

Yes, you can. They require an authenticator application, but it is not required to run that on a phone. There are desktop authenticator implementations; they are generic and all compatible with each other.
They let you use any 2fa other than Authy, but to do so still requires you to register your phone number and attach it to your Twitch (and it still creates an Authy account.)

Doesn't matter, either way. If you don't use the app 2fa, Twitch defaults to email 2fa for logins, just like Steam Guard does. I've been using this for a while because there's no way I'm linking my phone number to Twitch.

Their app 2fa implementation is actually pathetic, and *weaker* than the default email authentication, because their app 2fa implementation also enables sms 2fa that you can't turn off. So it doesn't matter if you use an app authenticator, an attacker can still social engineer your phone provider to clone your sim, and then ask twitch on login to send 2fa token via sms instead.

The default email authentication on the other hand is rock-solid, as long as your email is reasonably secure. The only reason Steam gives it a yellow shield and pretends that it's weaker is because they want to harvest as much data as they can from you, so they'll manipulate you into believing that your account is more secure if a phone number is attached to it ;) Blizzard does the same thing, disregarding the fact that adding phone number as a potential recovery method only *weakens* account security as a whole.
 

TheZander

Twitch is stupid. Watching people play video games where you don't get to take a turn to play is stupid. Did they deserve to get hacked and leaked because of this? Yes they did.
 

FAST6191

Twitch is stupid. Watching people play video games where you don't get to take a turn to play is stupid. Did they deserve to get hacked and leaked because of this? Yes they did.
Functionally that seems the same as I don't have to watch professional football as I have a garden and can steal the dog's ball. That is to say you could find some high level play you and yours are unlikely to be able to pull off (or pull off in the spectrum of games you find yourself interested in).
Might also serve for those cases where you want to watch some gameplay and it is new enough, or multiplayer based enough, that more conventional play videos are dubious or non existent.
Some do also watch it to listen to waffling from someone theoretically funny, sexy (don't get it myself when far superior alternatives exist), entertaining in some other manner, that is reading the news to them, maybe even interacting especially if combined with some of the previous stuff...),

Now have I ever seen Twitch particularly provide anything to the wider world, much less in any kind of quality in vague proportion to the effort to find/luck in on? Fuck no. I will take my nice scripted content that someone used an editor on any day of the week. Pretty much view it as the sole domain of narcissists and ebeggars and run by petty tyrants and have yet to be proven wrong.

As far as deserve. I can't say I condone it but I will happily take it anyway and give great consideration to data and other analysis that results from it. Likely to be one of the more interesting leaks in many years if the extent of data and code is as reported.
 
