Huge Twitch data leak blamed on server error

Livestreaming site Twitch says a server error led to the significant leak that saw large amounts of sensitive data being posted online on 6 October.

Among the exposed data was internal code and documents used by the site, plus details of payments made to some of the top users – or ‘creators’ – of the site as well as information on unreleased projects. Users were advised to change their passwords but Twitch said in a statement that there was no indication that login details had been compromised.

The Amazon-owned platform had come under fire from some users in recent months for failing to take more action to prevent so-called ‘hate raids’ against some users. Even so, Twitch continues to dominate the live video game streaming sector with a 72.3% market share over rivals including Facebook Gaming and YouTube Gaming.

In a statement, Twitch said: “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.

“As the investigation is ongoing, we are still in the process of understanding the impact in detail… At this time, we have no indication that login credentials have been exposed. We are continuing to investigate. Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

The incident came in the same week that Facebook – and its associated apps – suffered an outage lasting several hours as a result of a system maintenance error, although no malicious external involvement is believed to have been involved.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.