Twitch's data has been leaked on a significant scale, including source code for the site, an unreleased Steam competitor, and details of contributor payouts.
"We can confirm a breach has taken place," Twitch wrote on Twitter at 11 AM Eastern today. "Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us."
The leak is malicious in nature, but it's unclear whether user data itself was exposed, as most of the information so far points to internal information being the target. As reported earlier in the day by VGC, an anonymous hacker posted to 4chan earlier this week with a 125GB torrent link, which they claim contains the "entirety of twitch.tv, with commit history going back to its early beginnings."
"Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them," the post reads. The hacker claims that the torrent file also includes:
- Mobile, desktop and console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- Every other property that Twitch owns including IGDB and CurseForge
- An unreleased Steam competitor from Amazon Game Studios
- Twitch SOC internal red teaming tools
- Creator payouts from 2019 until now
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, payouts, encrypted passwords that kinda thing. Might wanna change your passwords. (October 6, 2021)
Creator payout data has already begun making the rounds online, as well as small bits of information on Amazon's unreleased Steam competitor. Dubbed Vapor, it appears to make use of the majority of Twitch's features, along with special built-in support for popular games like Fortnite and PUBG, according to @Sinoc229 on Twitter. There's also a separate game called Vapeworld, assumed to be something along the lines of a VR chatroom.
As streamers across the world awoke to discover the news today, many chimed in to corroborate that leaked payout information about them was accurate. The mood among streamers seems fairly chill though, with most goofing on each other and keeping things lighthearted. HasanAbi has acknowledged the leak, along with xQc and Sodapoppin.
HEY @Twitch EXPLAIN? pic.twitter.com/VfZ2pXi5Zv (October 6, 2021)
just woke up to some fun news. can't wait for ppl to be mad at me about my publicly available sub count again. (October 6, 2021)
The hacker claims that this is just "part one" of the leak, with presumably more to come in the future. You also may want to change your Twitch password as a precaution, as Sinoc says the file contains encrypted passwords. With anyone currently able to get their hands on the file, it would be best to err on the side of caution.