We had hoped that the unprecedented downtime Facebook faced last week would turn out to be the most sensational cybersecurity news of the week. However, the Twitch hack proved even more shocking. After all, the leak of Twitch source code does not look good however you look at the situation. So what happened to Twitch, and how can you protect yourself from similar incidents? While much depends on the companies themselves, you can safeguard your accounts as well.
What happened?
The Twitch leak revealed a lot, including sensitive information like how much top streamers earn. Still reeling from the attack, Twitch is investigating what exactly happened. As they carry out what’s sure to be a long investigation, experts have warned of dire consequences that the live streaming platform is likely to face.
Not only has the data breach exposed Twitch’s entire source code and details of unreleased software, but the leak of financial reports and internal red-teaming tools should also have any infosec professional shaking in their boots.
ThreatModeler founder and CEO Archie Agarwal finds enough reason to call the security breach a worst-case situation. He feels that tough questions are sure to be asked, since it is very alarming that 125 GB of very sensitive data has been stolen. Luckily, Twitch has confirmed that individual user information is safe.
Twitch confirms the leak
Twitch has admitted that there has indeed been a data breach. According to their blog post, the incident happened because of a server configuration change. The issue has since been fixed. However, Twitch has said that a thorough investigation will be carried out to find out exactly what happened.
According to certain sources, the Twitch hack may have happened because the company neglected certain security and safety warnings. We will find out more when further details about the leak surface.
What information got leaked
The Twitch hack likely exposed the following information:
- Full details of Twitch.tv, including the commit history going back to its early beginnings.
- Details of Twitch’s mobile, desktop, and video game console clients.
- The various proprietary SDKs and internal AWS services Twitch uses.
- All property owned by Twitch, including IGDB and CurseForge.
- Internal red-teaming tools of Twitch SOC.
- Details of the way Golden Kappa works.
The leak also included reports on creator payouts from 2019 till October 2021 and details of the revenue streamers made before tax.
However, it appears that the hack did not expose users’ data. For instance, passwords should be safe. Of course, if you feel uncomfortable, you can always change your password just to be safe. Furthermore, Twitch indicates that full credit card numbers were not exposed, as Twitch does not store them.
Simple Ways to Protect Yourself
- Two-factor authentication. Twitch offers 2FA to protect its users. Many services offer this security option, and we advise you to use it wherever possible. It’s a very effective protection against cybercriminals. 2FA ensures that you cannot log into your account without providing a special token.
- Secure passwords. 2FA helps, but your password is still a crucial factor in your account security. Repeating the same combination for each digital service is no longer an option. You need to generate a new one for every new account, which makes them troublesome to manage. You can use a password manager to keep all your passwords available in one neat location.
- Protect your internet traffic. A Virtual Private Network is a useful tool for keeping your online data safe. All you need to do is download a VPN app, and it will start encrypting your internet traffic between your device and the VPN server. That keeps others on the network you are connected to from intercepting your communication to steal information, like your passwords.
Conclusion
Data breaches are never pretty. Twitch users are extremely lucky that their passwords were kept safe. However, this is not always the case, and the aftermath can be more devastating. Some services keep passwords in plaintext, which is a big security no-no. In other cases, credentials can be stolen because of the network you have connected to. Thus, it is always best to do everything possible. 2FA, a VPN, and a strong password are sure to protect your accounts from all these threats.