Spiria logo.

Twitch FailFish

October 7, 2021.

Twitch.

© Twitch/iStock.

Nearly all the source code developed by the game streaming service Twitch, including a complete history of commits, ended up on the internet in a 125GB torrent. The entire source code for twitch.tv, for mobile, console and desktop applications, and even for an app that has yet to come out (the Amazon Game Studios store set to compete with Steam), is available. The cherry on the cake has been access to Twitch’s internal security tools and years of payment history to creators. For example, we now know that some 80 broadcasters on Twitch have each earned more than US$ 1 million over the past two years. The scale of the hack is staggering, and the hackers hint that this is only Part One of the data they got their hands on ...

The first question that comes to mind is “How is that even possible?” According to some accounts, this is probably the result of an all-too-common corporate culture where security is talked up but not acted upon. The Verge reporters spoke to multiple sources who say that during their time at Twitch, company management always prioritized speed and bottom line at the expense of the security of its users and data. One source indicates also that Twitch has been consistently choosing not to disclose the security issues it faces. The company is not very loquacious, but claims the malicious intrusion was due to a misconfiguration on its servers.

Update. Not a good week for Twitch... Hackers managed to deface Twitch for a few hours this Friday morning, replacing a number of images with pictures of Amazon CEO Jeff Bezos. Users reported seeing images of Bezos in listings for GTA V, Dota 2, Smite, Minecraft, Apex Legends and many other games on the Amazon-owned service. [Source.]

The Verge, Tom Warren, Ash Parrish, “Twitch’s security problems started long before this week’s hack.”

2021-10-07