Why The Twitch Data Breach Is Such a Big Deal
If you’re connected in any way to the streaming space online (through Twitch, YouTube, or elsewhere), chances are you’ve already heard about the major data breach that happened with
First of all, the obvious: there are encrypted passwords included in the data leak. Without the algorithm, they’re useless … for now. Eventually if the algorithm is cracked (or worse, already known like a MD5 hash) then your password can be recovered.
Beyond that, Twitch users now have access to payout data from 2019. While not completely up-to-date, it gives a great indication of implied contract rates, splits, and earnings. For some, it’s like finding out someone’s doing less work and getting paid more.
There’s information about Codename Vapor, which tells us two things: 1) Amazon has a steam competitor in the works. 2) Their internal naming conventions aren’t really creative. Still, this information being released loses the element of surprise.
Proprietary source code / SDKs/ the codebase(s) used by Twitch have been included in the leaks. Did you know that Twitch uses a home-brew version of FFMPEG that is apparently much faster than the open source version? Competitors can use this information to augment their own platforms.
Finally… the most interesting part of this whole thing: source code. Literally the runtime code used to power the entirety of Twitch. The source code provides hackers with the insights needed to find attack vectors that don’t even need passwords. Injection points are the most likely, but a savvy hacker can turn a loophole into a tunnel for any nefarious script.
I’m going to be really honest here. Twitch, for as much as I like the community I’ve had there, is seemingly making one mistake after another. I know Altair.tv is pushing back to 2022, but I’m wondering if it’s even worth streaming on the platform.
Your data is not safe. Discoverability is non-existent for new/smaller streamers. Minority groups are subject to hate raids with little recourse.
I think the better question is “What’s Twitch doing RIGHT nowadays?” And I’m struggling to find an answer.
SO. a TL;DR for this whole Twitch debacle:
1) Change your passwords. NOW.
2) Regenerate your stream keys, NOW.
3) Activate your 2FA, NOW.
4) Wonder if it’s all worth it in the end with Twitch’s many missteps.