Big, breaking news going around at the moment. If you have a Twitch account, you may wish to perform some security due diligence. There are multiple reports of the site being compromised. And they absolutely do mean compromised:
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.— Sinoc (@Sinoc229) October 6, 2021
Might wana change your passwords.
There’s still no independent verification from Twitch itself yet. However, multiple people have confirmed that the leak details, which include streamer revenue numbers, match what they have in fact generated.
What has happened?
A 125GB torrent was released on the 4chan message board. The poster claims it incorporates all of Twitch including
- Source code for desktop, mobile, and console clients
- 3 years of creator payouts
- Some form of unreleased Steam competitor
- Various bits of data on several Twitch properties
- Internal security tools
The leak is marked as “part 1”. The current data appears to contain nothing in the way of passwords or related data, but that potentially may be included in whatever comes next. This is something we may well find out from Twitch if and when it makes a statement.
In the meantime, we’d strongly suggest taking some proactive steps.
What should Twitch users do?
Log into your Twitch account and change your password to something else. If you’ve used the password on other services then you need to change them there too. Then enable two-factor authentication on Twitch, if you’re not already using it.
One small possibility against the leaking of passwords is there’s not been any visible “strange” activity from big name accounts. One would assume all sorts of dubious message shenanigans would follow in the wake of such a data grab. However, it’s possible that stolen passwords are being kept under lock and key until any such “Part 2” arrives.
This makes it all the more crucial to take some action now and start locking things down.
We’ll be updating this post with more information as we get it, so if you’re a Twitch user please feel free to check back every so often.
The post ‘Twitch compromised’: What we know so far, and what you need to do appeared first on Malwarebytes Labs.
Article Link: 'Twitch compromised': What we know so far, and what you need to do - Malwarebytes Labs | Malwarebytes Labs