Security Market Segment LS
Thursday, 07 October 2021 00:19

Massive data breach at Twitch.tv Featured

By
Massive data breach at Twitch.tv

Reports are emerging of a breach at Twitch.tv that suggest hackers captured EVERYTHING right up until Monday, perhaps Tuesday (US time) this week.

‘Everything’ was described by one Twitter user as “Like, the entire website; Source code with comments for the website and various console/phone versions, references to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.” They added unironically, “Might wana change your passwords.”

Might indeed.

Initially Twitch affiliated users were sceptical (on Twitter) as an initial payment database suggested some very generous payouts, but later data had multiple users confirming the data was a very close match to their own records.

According to HaveIBeenPwned’s Troy Hunt on Twitter, “The general consensus from the masses is "it's legit", but I'm yet to see any analysis yet. The torrent is being shared pretty extensively, it contains 278 files totalling 125GB *compressed* so it's sizeable.” Troy lists the alleged contents of the torrent here.

At the time of writing, there is nothing on the company web site to warn users of this issue.


For the uninitiated (this writer included, we had to talk to a nearby teenager), Twitch offers a real-time streaming service where (for instance) gamers can live-stream game-play to an audience of paid subscribers. Think of it as a live version of YouTube dedicated to noobs watching great players cruise though really difficult games (I -mostly- exaggerate).

Unconfirmed suggestions are that there was a connection to current Twitch data repositories in an uncontrolled link extracted from a GitHub repository.

Jarno Niemela, Principal Researcher, F-Secure notes, "This leak is very serious for Twitch, but the question is what effects this will have for the regular Twitch user.

"From what we currently know, is that as password hashes have leaked, all users should obviously change their passwords, and use 2FA if they are not doing so already.

"But as the attacker indicated that they have not yet released all the information they have, anyone who has been a Twitch user should review all information they have given to Twitch, and see if there are any precautions they need to make so that further private information isn’t leaked."

The following is speculation.

We don’t yet know the extent of the breach, but we do know that Twitch has extensive dox for all their affiliates. The release of that information could be very ‘interesting.’ Further, ALL affiliates ought to be awake to all manner of phishing and similar contacts in the future.

This is not speculation: Hint to all Twitch-connected people; whether content producers or consumers – change your password NOW. And if you haven’t invoked 2FA, do so immediately.

 

Read 2821 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




IDC WHITE PAPER: The Business Value of Aiven Data Cloud Solutions

According to IDC, Aiven enables your teams to perform more efficiently, reduce direct infrastructure costs, and provide improved database performance, agility and scalability.

Find out how Aiven makes teams 48% more efficient, allowing staff to focus on high-value activities that drive real business results:

340% 3-year ROI – break even in 5 months (average)

37% lower 3-year cost of operations

78% reduction in staff time for database deployments

Download the IDC White Paper now

DOWNLOAD WHITE PAPER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Latest from David Heath

Related items

More in this category: « Claroty finds three vulnerabilities in Honeywell's Experion Process Knowledge System Apache flaw being exploited in the wild, also allows RCE »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

Subscribe to Newsletter

*  Enter the security code shown:

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments