Twitch Confirmed Data Breach Occurred Due to Server Configuration Error

Twitch Confirmed Data Breach Occurred Due to Server Configuration Error

The data breach exposed the earnings of streamers and revealed the vulnerabilities that the streaming platform still needs to work on.

On Oct 6, 2021, Twitch confirmed a data breach that points to an error in the Twitch server configuration change. The leaked data appeared to have Twitch’s internal source code and documents, reports regarding payouts, and details about an unreleased Steam competitor from Amazon Game Studios. Twitch later stated that the breach occurred due to a server configuration change that exposed the data.

On the same day, an anonymous hacker posted a 125 GB torrent file that included the data relating to the 4chan message board, as reported by Video Games Chronicle. The publication revealed that an anonymous company source confirmed the legitimacy of the leaked information.

Twitch later stated that’s no indication regarding the exposure of login credentials. Also, the streaming platform revealed that Twitch does not store the full information related to credit card information, hence full credit card numbers were not exposed.

The IT and security teams of Twitch are still trying to figure out how the breach had occurred in the first place. The teams explained that a human error was made with a server configuration.

It has been stated that some of the data dates back to 3 years. Therefore, there are substantial probabilities that the server may be sitting ideal for some time, making it a suitable target for hackers who are also scanning for errors.

The leaked information reportedly unveils that the top streamers of Twitch made millions of dollars on the platform over the past three years. Multiple streamers also confirmed that the earnings showcased in the leak had correct figures.

The hackers have labeled the leak as part one, suggesting that few more attacks may occur in the coming future. Hackers didn’t confirm what data they are planning to release next.

“We’ve seen a lot of good advice to anyone with a Twitch account—change your password, change other passwords if you reused it, and switch on two-factor authentication,” says Liam Jones, Threat Analyst, Netcea, “But this alone won’t keep streamers and their fans safe.”

“Some hackers will take advantage of the fear of a password breach to send out phishing emails: Due to the recent breach, we are forcing all our users to change their password. This is actually a way to steal passwords when users are asked for their “old password”. Even experienced users have been known to fall for this trick.”

Also Read: Three Tips for Building a Robust Fraud Management Strategy

“The leaked details of the “Top 100” streamers are also a worry for Twitch. Extra information like this can be used in highly targeted “spear-phishing” attacks, a more personal approach to taking over accounts and stealing data. Basic password hygiene is a great start, but we need better awareness of the ways breaches can be used to fool and frighten people into poor judgments that will give their details away,” added Liam Jones.

With roughly 2.5 million people viewing streams at any given time on the Twitch platform, it has become a way for games to share live streams of them playing video games, providing spectators a chance to discuss what’s happening on screen as well as pay for it via various subscriptions. Its success led to acquisition from Amazon for US $970 million in 2014.

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.