Twitch Confirms Hack: Source Code and Payout Data Leaked

Twitch Confirms Data Breach: Source Code and Payout Information Leaked

A substantial collection of source code repositories, payment details for content creators, and other sensitive internal data belonging to Twitch has been publicly released online following a confirmed data security incident.

Details of the Data Breach

A leaker asserted on Tuesday, with the claim gaining widespread attention on Wednesday, that they had successfully obtained Twitch’s source code. This included proprietary SDKs (Software Development Kits), essential for developers to integrate Twitch functionality into their applications and services.

Furthermore, the leaker alleges the acquisition of unreleased software and, critically, the company’s internal red team security tools. This suggests a potentially deep compromise of Twitch’s security infrastructure.

TechCrunch has reviewed a portion of the leaked cache, which the leaker identifies as “part one,” indicating the possibility of further data releases. Initial reports of the breach surfaced on Monday, as noted by Video Games Chronicle.

Twitch's Official Response

Twitch acknowledged the breach in a public statement posted on Twitter on Wednesday. The company confirmed the incident and stated that its teams are working diligently to assess the full scope of the compromise.

“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available,” read the official tweet.

A Twitch spokesperson declined to provide any further commentary beyond the initial Twitter announcement when contacted for additional information.

Creator Payout Data Exposed

The veracity of the breach was quickly supported by streamers who recognized their own payout information within the leaked data. (TechCrunch has refrained from linking to the data to protect personal information.)

The exposed data reveals payout figures for individual Twitch users, with some creators receiving earnings exceeding six figures annually.

Several streamers have independently verified the accuracy of the leaked records, confirming their alignment with data displayed on their official Twitch dashboards. One user stated, “I looked at a line from June 2019 and literally 100% match to the information showing on my analytics on my dashboard.”

Security Implications

The release of internal source code presents a significant security risk. It allows external parties to scrutinize the code for potential vulnerabilities, which could be exploited for malicious purposes.

Recent Context

This breach occurs less than a month after Twitch streamers organized a protest on September 1, expressing dissatisfaction with the company’s response to “hate raids” – coordinated attacks utilizing bots to flood streams with abusive and harassing content.