October 6th 2021
Interactive live streaming service Twitch has been hacked and over 100GB of confidential data posted online earlier today. The data is said to include the earnings of the platform’s top streamers over the last two years, as well as source code for the platform itself and details of a yet-to-be-released Steam competitor.
125GB of data was posted anonymously on the 4chan messaging board earlier today. It seems to focus on company’s own tools and information rather than code that includes the personal information of its users. However, today’s leak has been labelled as ‘part one’, so it is possible that this could follow at a later date. Because of this, we recommend that everybody with a Twitch account changes their password immediately, to one not used on any other online accounts. We also recommend using two-factor authentication (2FA) as a further security precaution.
Two streamers and a third person closely linked to a high-profile player confirmed to BBC News that the income figures leaked about them were accurate.
Accounts belonging to children
Another concern arises from the fact that a large proportion of the Amazon-owned platform’s 140 million regular users are children, bringing with it potential safeguarding issues. Many children have Twitch accounts without their parents’ knowledge, so we are also advising parents to speak to their children about whether this is the case, and the necessity for a password change.
In a Tweet this afternoon, Twitch revealed: “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”
Chief Executive of Get Safe Online, Tony Neate, said: “It has been reported today that the entirety of Twitch has been hacked, with its data now being leaked into the public domain. Whenever a hack takes place our sympathies go to those who have been compromised, and when the majority of those affected are children, the impact is amplified.
“Parents will be concerned, but there are a couple of actions that they can take that can help. Firstly, have a conversation with their child to establish if they have a Twitch account. If they do, and with immediate effect, ask them to change their password as a matter of urgency, using a combination of three unrelated words that are memorable, replacing some letters with numbers to enhance its security. If they can, also enable 2 factor authentication. By doing this as quickly as possible it will ensure they are protecting themselves as best they can in light of the current situation.”
At the time of writing, the UK’s Information Commissioner’s Office (ICO) said it had not been notified of any data breach by Twitch or Amazon.