Twitch supply code, creator’s earnings revealed in 125 GB leak
Aurich Lawson / Getty Images
The live video broadcast service Twitch was hit by a massive hack that exposed 125 GB of the company’s data. In a 4chan thread posted (and removed) on Wednesday, an anonymous user posted a torrent file of the data dump. The dump contains the company’s source code and details about the money the Twitch creators made.
Twitch admits the violation but is unsure of the “extent”
In a 4chan post Ars saw today, an anonymous user claimed to have lost 125GB of data from 6,000 internal Twitch Git repositories. The forum poster mocked Amazon’s takeover of Twitch, saying, “Jeff Bezos paid $ 970 million for it, we’re giving it away for FREE.”
Enlarge / A 4chan user posted a torrent of a 125GB data dump.
The hacker wrote that the purpose of the leak was to cause disruption and to encourage competition between video streaming platforms. The hacker went on to say that the “Twitch community is a disgusting, poisonous cesspool”.
Twitch admitted the violation but did not respond to Ars’ questions. It seems that even Twitch doesn’t know the full extent of the breach as the company is still working on the details:
We can confirm that a violation has taken place. Our teams are working flat out to understand the extent of this. We will update the community as additional information becomes available. Thank you for joining us.
– Twitch (@Twitch) October 6, 2021
Merits of the best Twitch creators announced
The same thread on 4chan also claimed to “reveal creators’ payout reports from 2019 to now. Find out how much your favorite streamer is really making!”
It is noteworthy that the 125 GB archive is titled “Part One”, which alludes to the possibility of future leaks.
A small subset of the data viewed by Ars shows the earnings of the top 10,000 Twitch users alongside their usernames. An updated list was posted by game developer Sinoc, and a Twitter user who analyzed the dump posted a detailed breakdown of the payouts:
An anonymous Twitch source confirmed to Video Games Chronicle that the leaked data, including Twitch’s source code, is legitimate. According to the company source, the data was only collected on Monday.
The 4chan poster claims that the leaked data dump contains:
- The entire source code of twitch.tv, with commit history from the beginning
- Creator payout reports as of 2019
- Twitch clients for mobile devices, desktops and video game consoles
- Proprietary SDKs and internal AWS services used by Twitch
- Data from “every other property Twitch owns,” including IGDB and CurseForge
- Information on an unreleased Steam competitor (“Vapor”) from Amazon Game Studios
- Twitch’s internal “red teaming” tools used by SOC (security) teams
The dump also allegedly contains Unity source code for a game called “Vapeworld”.
Portions of the leaked archive are huge and contain large ZIPs, and it may take days to understand the full extent of the breach:
Enlarge / Twitch data dump “part one” content.
Some Twitter users also claimed to see encrypted passwords in the dump, asking Twitch users to enable two-factor authentication and change passwords for protection.
The hack brings more bad news to Twitch’s plate and follows a recent and long-awaited public response to problems with hate raids. During such raids, vulgar and hateful speeches from users and bots are thrown into the site’s prominent chat feeds.
Interestingly, NBC technical investigation reporter Olivia Solon says all of Amazon’s storage systems were hit by a network glitch last night, although the company won’t confirm whether that event was related to the Twitch hack.
According to Solon:
Amazon warehouse workers in the US were unable to work for at least two hours last night because their internal software crashed and none of their scanners worked.
All Amazon will say is that it was a “network glitch that was quickly fixed”.
Amazon’s acquisition of Twitch in 2014 claimed that the company would operate “independently” from Amazon. It is therefore not clear whether Twitch operates its own server stack or uses Amazon’s rack space.