Home
Artists
Search Recent Random
Posts
Search DMs Popular Hash Lookup Tags Random
Importer
Import FAQ
Register
Partychan SimpleX Chat ThePornDude
Home Artists Posts Import Register
Join the new SimpleX Chat Group!

Twitch Hack Updates - Threatwire (Patreon)

Published:
2021-10-19 10:00:04
Imported:
2023-10

Downloads

Content

By Shannon Morse, ThreatWire 

Twitch has updated their official statements about the hack they experienced earlier this month. According to the company, an attacker gained access to data on their servers due to a faulty configuration change that exposed it to the internet. This data was accessed by a malicious third party and an investigation was ongoing. They also stated at the time that credit card numbers were not exposed nor were login creds. Twitch did reset all stream keys. 

A few days ago, they made another update, saying that passwords were not exposed and they were confident login credentials, which are hashed with bcrypt weren’t accessed, and repeated that cc numbers weren’t exposed, nor was ACH or banking info. 

They confirmed that the source code repository and payout data was exposed. According to the leaker, who posted the data online, that included about 6000 internal Twitch Git repositories. That included commit history for years, twitch clients source code, proprietary SDKs, twitch owned properties including a steam competitor that is unreleased, red team tools and again, creator payouts from 2019 to now. Some creators did post on social media that the data for their own payouts was indeed accurate.

Twitch’s update does not line up with what some security researchers have detailed. According to data shared with PrivacySharks and ThreatPost, personal information of users was breached, using an example showing code that included an email address and a password in plain text. Details also contained over 1000 chargebacks that were made from Twitch to a variety of platforms which indicate the amount, full name, email address and any comments. This portion also includes Twitch employee data.

Whether Twitch user credentials were leaked or not, go in an update your login username and password, turn on 2FA, reset your keys and keep an eye out for anything sus. This could be a major blow to twitch given it included source code and we’ll potentially see more leaks come from this as well. Props to my Alliance member Joel for providing info for this story.

Support ThreatWire!  https://www.patreon.com/threatwire

Twitch:

https://blog.twitch.tv/en/2021/10/15/updates-on-the-twitch-security-incident/?utm_referrer=https://t.co/
https://www.bleepingcomputer.com/news/security/twitch-downplays-this-months-hack-says-it-had-minimal-impact/
https://threatpost.com/twitch-leak-emails-passwords/175390/
https://www.zdnet.com/article/twitch-downplays-massive-breach-says-no-passwords-or-login-credentials-leaked/

Comments

No comments found for this post.