An anonymous hacker has reportedly leaked the entirety of Twitch, releasing everything from its original source code, creator payouts, proprietary SDK’s and AWS services used by the Amazon-owned streaming platform and just about everything else. The leak, totaling 125GB has been verified as legitimate, containing just about everything and anything that constitutes ‘Twitch.’
Hilariously, this includes sensitive documentation pertaining to Twitch’s Red Team -- top-level security researchers at Twitch responsible for penetration testing (a.k.a. They try to hack into their own systems, recording what works and what doesn’t in order to identify weak spots). This is to Twitch the equivalent of somebody leaking all of the names, methods, sources and documents of every secret agent and confidential source the FBI has ever employed. Just wild.
The hacker states in his 4Chan post that the primary reason for the leak was to “foster more disruption and competition in the online video streaming space,” calling Twitch a “toxic cesspool.” Which is, admittedly, an understandable sentiment. Not that we endorse criminal activity of the sort.
Also included was the source code for an unreleased Steam competitor, amazingly called ‘Vapor’ because when Amazon tries to kick someone out of the market and take everything they ever worked for, the last thing they’re going to be is subtle. Or witty.
Included in the 125GB illicit treasure trove is your password, if you ever had a Twitch account. That includes ours, so if you feel like digging through the leak to try and hack into our Twitch and wreck things from the inside, be our guest. We’re going to change the password, but we probably won’t get around to it too soon. Have fun. You can also see the payout information of your favorite streamer from at least 2019, telling you exactly how much they made through Twitch alone.
Unless you make your money through Twitch, however, you probably don’t need to care too much. What makes this moment especially newsworthy, however, is just how big a faux pas this for Twitch, especially their Red Team. There’s really no room left to fail worse than this, with quite literally everything out on the table now.
A security failure of this sort is exactly the kind of scenario that crypto-enthusiasts and decentralized-network developers hold up as the poster child of the risks associated with storing sensitive data on privately-owned, centralized servers. Some say “keep all your eggs in one basket, then keep your eye on the basket” but that only works when you’ve got the best vision in the animal kingdom and can beat everyone to the punch.
And in this case, they didn’t. Not all. Twitch Interactive, Amazon, and Jeff Bezos have egg on their face and have yet to comment on the utterly jaw-dropping security failure at the time of this writing.