Hacker group Anonymous has leaked the source code and business data of video streaming platform Twitch by posting it on the message board 4chan.
According to Anonymous, the data was leaked in response to “hate raids,” bot attacks that post malicious content to Twitch chat that have plagued Twitch’s top streamers.
To promote further disruption and competition in the field of online video streaming, we are completely disrupting and releasing the source code from our nearly 6,000 internal Git repositories
The Record has downloaded a portion of the 128GB torrent file that was released to the public and confirmed its authenticity.
The contents of this leak are consistent with what the hacktivists claim, and are quoted below.
- Twitch.tv in its entirety and commit history
- Twitch clients for mobile, desktop, and video game consoles
- Various proprietary SDKs and internal AWS services used by Twitch
- All other properties owned by Twitch, including IGDB and CurseForge, and all other properties owned by Twitch
- Unannounced counterpart to Steam by Amazon Game Studios
- Red teaming tools inside Twitch SOC (lol)
- 2019 to now creator payout report
Among the treasure trove of data, the most sensitive folders are those that hold data for Twitch’s internal security team, including Twitch’s user identity and authentication mechanisms, admin management tools, and the white-board threat model that describes various parts of Twitch’s backend infrastructure
While we were unable to find any personal information about Twitch users, the leaked data also included payment schemes for the platform’s top streamers.
We don’t link or share this data in any way, but the monthly income of the people who make the most money on this platform is publicly available, with some reaching into the tens of millions of dollars.
The source of the leak is believed to be an internal Git server, which is typically used by companies to allow large teams of programmers to make controlled and easy changes to their source code repositories.
It has also been suggested that this leak is called “Part 1” and that more data will be leaked in the future.
While no user data was compromised in this incident, several security researchers are urging users to change their passwords and enable multi-factor authentication solutions for their accounts just in case.
Comments