Should the entirety of Wednesday’s massive Twitch data breach prove to be legitimate, the BBC’s first dedicated cyber reporter says it will be the biggest leak he’s ever seen and could have significant ramifications for the Amazon-owned company and its users.
On Wednesday, an anonymous hacker claimed to have leaked the entirety of Twitch, including its source code and information on how much money the company has paid to streamers since August 2019.
A Twitch source then confirmed to VGC that the leaked data is legitimate, and the Amazon-owned company has since confirmed “a breach has taken place”.
It said on Wednesday afternoon: “Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.”
Cyber reporter Joe Tidy said in his analysis of the situation for the BBC: “Twitch famously fiercely guards operational details such as how much its streamers are paid, so this looks extremely embarrassing for the company.
“And it comes at a time when competitors such as YouTube Gaming are offering huge salaries to snap up gaming talent, so the fallout could be significant.”
While still unconfirmed, Tidy said evidence was building that at least some of the leaked data appears to be genuine.
The leak includes an earnings list detailing how much money Twitch has paid to streamers since August 2019.
During this period, it’s claimed 81 Twitch streamers have been paid more than $1 million by the company.
Fortnite streamer BBG Calc told BBC News that the leak got his earnings “100% correct” and two other streamers said the figures were “about right”.
“Security experts tell me the files contains things such as internal server details that can be accessed by Twitch employees only,” Tidy said in his BBC analysis.
“And if it is all confirmed, it will be the biggest leak I have ever seen – an entire company’s most valuable data cleaned out in one fell swoop.”
Ampere Analysis analyst Piers Harding-Rolls said the leaked earnings figures could negatively impact streamers’ future earnings.
“The Twitch document leak on payouts is pretty damaging for the streamers,” he tweeted. “Undermines their ability to negotiate on future contracts/deals with brands.”
The hacker behind the Twitch leak posted a 125GB torrent link to 4chan on Wednesday, stating that the breach was intended to “foster more disruption and competition in the online video streaming space” because “their community is a disgusting toxic cesspool”.
While the initial leak doesn’t appear to include any personal account information, users have been advised to change their passwords and turn on two-factor authentication, because according to the hacker this is only the first part of the leak.
[UPDATE: Twitch has said there’s “no indication” that login details were exposed in Wednesday’s data leak, and that credit card information wasn’t taken.]