A huge data breach has occurred on Twitch, leaking the source code of the entire site. Since Twitch is so important in the poker community, both for pros who broadcast and casual players who watch streams as a learning tool, we wanted to walk you through the whole situation and let you know what you know can do to stay safe.
So, What Happened?
It has been reported that the breach took place on Monday but the data wasn’t made public until yesterday. It was then that an anonymous user on 4chan posted a torrent with 125GB of data in it.
The leak includes a ton of information, including:
- Details of payouts to Twitch streamers dating back three years
- Twitch’s entire commit history
- Source code for the mobile, desktop and console versions of Twitch
- Information on Twitch’s internal security
The leak has been labelled as “part one”. So, while the data was made public yesterday isn’t necessarily harmful for users, there are concerns that more information could be made public soon.
If You’re on Twitch…
Firstly, don’t panic. Sensitive data like passwords and credit card information have not been leaked. So, there’s no need to take yourself off of Twitch entirely for now.
Still, the data breach highlights the fact that Twitch has some very serious security issues. So, while streamers haven’t been the victims of any theft due to the hack, the vulnerabilities exposed by it may open them up to this in the future.
“Whatever Twitch was doing for application security, they need to redouble their efforts. Twitch will need to push their application security to the next level, finding and fixing vulnerabilities before anyone else can find them” – Jonathan Knudsen, security strategist for Synopsys Software Integrity Group.
Change Your Passwords
So, in case you haven’t already, be sure to change your password. Of course, this kind of information is encrypted on Twitch, but it’s better safe than sorry.
If you use this password for any other sites or services, change it elsewhere, as well.
You should also change your password for the email that you use to login to Twitch. The same goes for any online payment methods that are linked to your Twitch account.
2 Factor Authentication
Two-factor authentication is required for broadcasting on Twitch, so that extra level of security is already there. However, many users state that they feel safer using an authenticator app rather than email or SMS.
The best app out there right now seems to be Authy. It’s available on the Google Play Store and the iOS App Store.
Be Wary of Contact from Twitch
Security experts state that this kind of security breach can also lead to secondary hacking attempts. This means that people pretending to be Twitch may reach out to users, offering assistance, in an attempt to get even more information out of them.
So, make sure you scrutinize any contact that you receive from Twitch.
A Developing Situation
There will certainly be much more to the story, as more information about the data breach comes to light. It’s a situation that we’ll be keeping on top of, especially with the cryptic “part one” label on the leak.
Our investigation is ongoing, and we are in the process of analyzing all of the relevant logs and data to assess actual impact. For an update see https://t.co/mp8wndXv03
— Twitch (@Twitch) October 7, 2021
We will be keeping you updated as we know more. Streaming has become a crucial tool in the world of poker, and it’s important that both creators and viewers feel safe. So, watch this space for more any other key information that might be of interest to you as a member of the poker streaming community.