A torrent file containing 125GB data, allegedly from Twitch, has been publically leaked on the popular forum 4chan. The leaked file seemingly contains all of the streaming platform’s sensitive data, including source code, creator earnings, and programming information, including SDKs and Twitch’s internal AWS database.
The Twitch data is being freely made available for anyone on the internet, and many users have already downloaded the file. A PrivacySharks contact got their hands on the leaked data and confirmed to our team that it does indeed contain sensitive information.
Update: Twitch put out a statement about the data leak, blaming the leak on an “error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” Twitch also asserts via its statement that there is no indication that login credentials or credit card details were exposed, which will come as a relief to users.
What does the Twitch data leak contain?
The massive amount of leaked Twitch data contains the following information:
- The entirety of Twitch’s source code
- Comment history from the beginning of the platform’s inception
- Creator earnings from 2019 onwards
- SDKs and internal AWS services
- Desktop, mobile, and console Twitch clients
- All other Twitch-owned property (including CurseForge and IGDB)
- A never-before-seen Steam competitor from Amazon Game studios
- Internal security and hack-preventative “red-teaming” tools
Fortunately, the leaked data does not appear to contain any sensitive account information. The only personal information included seems to be related to creator payouts, which you can see below:
Why was the Twitch data leaked?
The anonymous hacker behind the leak shared the data on 4chan on 6th October 2021, stating that they wanted to “foster more disruption and competition in the online video streaming space.” The hacker also described the Twitch community as a “disgusting toxic cesspool.”
Given the hacker’s opinion of the Twitch community, the leak may be in reaction to what is known as hate raids on the platform. Users and bots have been known to target creators by overwhelming Twitch chats with hateful messages. A platform strike was carried out in September 2021 in response to the increased frequency of Twitch hate raids.
What to do if you have a Twitch account
While it appears that the hacker behind the leaks has not included users’ account details, we advise every Twitch user to change their password immediately.
As well as creating a strong password consisting of letters, numbers, and symbols, users should also enable two-factor authentication on their Twitch account. This adds an extra layer of protection when logging into accounts, as every user will need to verify it is them via SMS, email, or an authenticator app.