Huge Twitch Breach Leaks eSports ‘Toxic Cesspool’
Amazon’s game streaming service, Twitch, got hacked. 125 GB of its most private data is now outside the proverbial toothpaste tube.
A 4chan user claimed to be the perp, blaming it on Amazon’s greed and the site’s toxic culture. Some of the more fascinating bits in the collection are the earnings of top members—as much as $10 million over 22 months.
Get off my lawn. In today’s SB Blogwatch, we exit the grassed area.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: What is this “office” of which you speak?
Fond Memories of Justin.tv
What’s the craic? Chris Scullion broke the story—“The entirety of Twitch has reportedly been leaked”:
Two-factor authentication”
An anonymous hacker … posted a 125GB torrent … stating that the leak was intended to “foster more disruption and competition in the online video streaming space,” because “their community is a disgusting toxic cesspool”. … Twitch has regularly found itself under fire from creators and users who feel the site doesn’t take enough action against problematic members of the Twitch community.
…
If you have a Twitch account, it’s recommended that you also turn on two-factor authentication. [The leak] includes:
- The entirety of Twitch’s source code with commit history “going back to its early beginnings”
- Creator payout reports from 2019
- Mobile, desktop and console Twitch clients
- Proprietary SDKs and internal AWS services used by Twitch
- “Every other property that Twitch owns” including IGDB and CurseForge
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)
What can we learn? Chris Morris worms his way into the narrative—“Amazon’s Twitch suffers massive data leak”:
Twitch confirmed the leak”
Assuming the data is accurate, it’s an eye-opening look at what Twitch’s top streamers earn from the service. (Additional income, such as merchandise, user donations, sponsorships, and revenue from other streaming services is not included.) The top streamer earned $9.6 million between August 2019 and October 2021. The top 10 collectively took in more than $50 million.
…
Twitch confirmed the leak. … Twitch did not immediately reply to [my] request for comment.
But how? Careful with that Ax Sharma—“Twitch blames a “server configuration change” for the massive data leak”:
Vulgar and hateful speech”
Twitch has blamed the data exposure on a “server configuration change that was subsequently accessed by a malicious third party.” … The hacker wrote that [the leak was] lifted from 6,000 internal Twitch Git repositories.
The forum poster mocked Amazon’s acquisition of Twitch, writing, “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE.” [They said] the purpose of the leak was to cause disruption and promote competition among video streaming platforms.
…
The hack puts more bad news on Twitch’s plate and follows a recent and long-awaited public response to hate raid issues. During such raids, vulgar and hateful speech is dumped into the site’s prominent chat feeds by users and bots.
Cui bono? Good question—phantomfive gets all nostalgic for the good ol’ days:
Do it for the love”
It warms the heart to see hackers leaking code for no reason than to create chaos and revenge. None of this “ransomware” or “get rich from hacking” nonsense.
Do it for the love, not for the money.
Now what? Now CrazyDroid can say this:
Now the Youtube team can copy the source code and create a true rival—and then somehow find a way to ruin it as well.
But we’re somehow lauding 4chan? Here’s a slightly sarcastic Lord Bobbymort:
wOn’T cAuSe AnY hArM wHaTsOeVeR”
“Their community is a disgusting toxic cesspool.” — This is the stupidest “reason” I’ve ever seen for a leak.
Essentially, “Hey, you’re the cesspool—not me from 4chan, the well-known cesspool. You’re the bad toxic ones—definitely not me who’s posting this, which definitely won’t cause any harm whatsoever.”
~ oH yEs, DeFiNiTeLy /s An eager Tsaot can’t wait for the next shoe to drop:
Fun to watch”
You know there will be a bunch of new attacks. … What are the chances there are undocumented APIs now vulnerable to attack?
…
There are bound to be APIs made for special events or superstar streamers that are going to be instant targets now. This is going to be fun to watch.
Wait. Pause. Larry_O objects to the use of the C-word:
It’s pretty terrible”
There’s no such thing as a “Twitch community.” … These aren’t communities. … Twitch doesn’t care about the well-being of anyone—and why should they?
…
Twitch is amazing because it swooped in after multiple generations of online user had … grown up as frogs in the boiling water, and then proceeded to sell them the promise of … a living wage playing video games for a live studio audience [and] parasocial relationship as effective replacement for real human interaction. That’s literally the whole grift.
…
They sold this beautifully too. And it’s pretty terrible overall. … Whatever further kneecaps this ****ing sham company, I’m for it.
But you gotta admire Twitch for something? Here’s DavidT256:
Everything else aside, it made me grin that they were ballsy enough to name their “Steam” competitor “Vapor”. 😏
Meanwhile, Cassius Kray learned something today: [Very poetic—Ed.]
TIL that 4chan is still going.
And Finally:
“Well they said the office culture was lost—what they lost was line of sight for my boss”
Hat tip: Esther Schindler
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: Mark Decile (via Unsplash)
