Amazon’s Twitch Falls Victim to 125 GB Data Breach

Catherine Chipeta
Catherine Chipeta
October 11, 2021

Twitch, an Amazon-owned live-stream gaming service, has fallen victim to an anonymous hacker who breached 125GB of data, including the service’s entire source code. 

A torrent link containing the data cache was posted on 4chan by an anonymous user on October 6, 2021. The hacker stated their motive was to “foster more disruption and competition in the online video streaming space” because “[Twitch’s] community is a disgusting toxic cesspool”.

The breach was first reported by The Video Games Chronicle on the same day and by Twitch’s official Twitter account shortly after. 

Other sensitive data exposed by the breach include:

  • Twitch creator payout details from the past three years
  • Proprietary SDKs and internal AWS services used by Twitch
  • An unreleased Steam competitor from Amazon Game Studio
  • Twitch’s developer tools
  • Twitch’s information security tools
  • Data from other Amazon properties, such as IGCB and CurseForge 

Additional personally identifiable information (PII) like credit card details and login credentials are not believed to have been exposed.

Twitch said the data exposure occurred due to a server configuration error, which was subsequently exploited in a cyber attack. 

This marks the second major data breach for the gaming service since it was acquired by Amazon in 2014. In 2015, Twitch announced to users that “unauthorized access” may have compromised user account information, prompting all users to change their passwords.

Twitch is also not the only Amazon property to suffer as a result of cloud misconfiguration, with Amazon S3’s security settings leading to thousands of data breaches over the past four years alone.

This latest breach highlights the importance of implementing consistent vulnerability management processes as threat actors are constantly scanning for holes in network security.

How secure is Twitch?

Twitch is a global community that comes together each day to create multiplayer entertainment: unique, live, unpredictable experiences created by the shared interactions of millions. Acquired by Amazon in 2014.
  • Check icon
    View our free preliminary report on Twitch’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating