18 October 2021

Twitch downplays extent of the recent breach, says only small number of customers affected


Twitch downplays extent of the recent breach, says only small number of customers affected

Twitch has released an update regarding a recent security incident, where an anonymous user posted a 125GB torrent link to the 4chan imageboard, allegedly containing source code, payments reports and users’ information stolen fr om Live video broadcasting service Twitch.

The leaker claimed that the data was stolen from almost 6,000 internal Twitch Git repositories.

Following the breach, Amazon-owned Twitch released a statement in which it explained that “some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” The company also said that it found no evidence that login credentials were exposed in the data leak.

Now, Twitch released an update wh ere it downplayed the breach saying that it “only affected a small fraction of users and the customer impact is minimal.”

“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” the company said.

“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data.”

“We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community,” Twitch added.


Back to the list

Latest Posts

Amid Pegasus scandal, Israel bans cyber software sales to 65 countries

Amid Pegasus scandal, Israel bans cyber software sales to 65 countries

Dropped countries include such countries as Morocco, Mexico, Saudi Arabia, or the UAE.
26 November 2021
CronRAT: New Linux malware that hides behind February 31 to stay undetected

CronRAT: New Linux malware that hides behind February 31 to stay undetected

The malware hides in the Linux calendar system and enables server-side Magecart data theft which bypasses browser-based security solutions.
26 November 2021
New malware campaign targets crypto, NFT and DeFi communities via Discord

New malware campaign targets crypto, NFT and DeFi communities via Discord

The Babadeda crypter is able to bypass signature-based antivirus solutions and was previously observed in malicious campaigns distributing RATs, and LockBit ransomware.
26 November 2021