Twitch, an Amazon-owned live-stream gaming service, has fallen victim to an anonymous hacker who breached 125GB of data, including the service’s entire source code.
A torrent link containing the data cache was posted on 4chan by an anonymous user on October 6, 2021. The hacker stated their motive was to “foster more disruption and competition in the online video streaming space” because “[Twitch’s] community is a disgusting toxic cesspool”.
Other sensitive data exposed by the breach include:
- Twitch creator payout details from the past three years
- Proprietary SDKs and internal AWS services used by Twitch
- An unreleased Steam competitor from Amazon Game Studio
- Twitch’s developer tools
- Twitch’s information security tools
- Data from other Amazon properties, such as IGCB and CurseForge
Additional personally identifiable information (PII) like credit card details and login credentials are not believed to have been exposed.
This marks the second major data breach for the gaming service since it was acquired by Amazon in 2014. In 2015, Twitch announced to users that “unauthorized access” may have compromised user account information, prompting all users to change their passwords.
Twitch is also not the only Amazon property to suffer as a result of misconfiguration, with Amazon S3’s security settings leading to thousands of data breaches over the past four years alone.