Hundreds of gigabytes exposed online. Twitch suffered a massive computer attack. This massive data hacking is due, according to the American firm, to a server configuration error . This cybersecurity problem falls badly when the reputation of this Amazon subsidiary is already tarnished by a case of racist harassment.
” We realized that data was exposed on the internet due to a configuration error on the Twitch server, which was exploited by a malicious third party ,” said the leader in video game streaming on its site .
“ As a precaution, we have reset all broadcast codes ,” Twitch added in its post.
On Wednesday, on the anonymous 4Chan forum, a user posted a download link for 125 gigabytes of computer data, which was allegedly stolen from Twitch.
The loot includes source code from Twitch, income information from thousands of streamers, as well as information about a video game distribution service under development by Amazon Game Studios, according to trade press scouring the information. .
” At this stage, we have no indication that identifiers have been revealed. We are continuing to investigate, ” said the platform, which also points out that credit card numbers are not stored on its server, and were therefore not exposed.
” Streamers are going to be worried about their income being made public, as they depend on donations from their fans, ” said James Chappell, co-founder of Digital Shadows, a cybersecurity company.
According to data posted on Twitter, player CriticalRole, who has more than 800,000 fans, earned more than $ 9 million between August 2019 and October 2021.
Twitch is owned by tech giant Amazon, which largely dominates the global cloud industry, providing remote access to IT services over the Internet.
The company claims to receive more than 30 million visitors per day, attracted mainly by live broadcasts of video game games, commented by players or content creators.
The streaming service has suffered for months a wave of racist and homophobic harassment, which consists of “hate raids” (” hate raids “), against certain creators, including non-white people and the LGBTQ community. These victims have mobilized and society has taken measures, but it is struggling to stop the phenomenon.
Twitch filed a complaint a month ago against two users, who it said manage multiple accounts on the platform from Europe under different identities and are able to ” generate thousands of bots in minutes ” in an attempt to harass their victims.
The data appeared to include Twitch’s internal code and documents, as well as the payments made to thousands of top streamers.
Twitch now says the breach was caused by a “server configuration change” that “exposed” some data.
But it has not confirmed if all the data posted online is genuine.
The Amazon-owned company said the breach had involved “a Twitch server configuration change that was subsequently accessed by a malicious third party”.
“As the investigation is ongoing, we are still in the process of understanding the impact in detail,” it said.
Twitch’s short statement shows the company is in full crisis mode.
Information-technology (IT) teams and security experts are still trying to understand just how bad the data leak is.
The explanation for the hack is there was some sort of human error with a “server configuration”.
In other words, someone set up the computers that store Twitch’s private data incorrectly, making it findable and downloadable to hackers.
What the company has not said is when this mistake was made.
Some of the stolen data goes back three years, so there is a chance the servers could have been sitting ducks for some time – or the mistake could have left the door open for only a few days or weeks.
Hackers are always searching and scanning for open databases online – or it is even possible someone may have tipped off hackers about the internal IT blunder.
But making these sorts of mistakes is costly – particularly when you are a target as big as Twitch.