Hackers have gotten their hands on a massive data leak that contains the “entirety of Twitch.TV.”
The leak, which is over 126GB, reportedly contains proprietary code, including mobile, desktop and console Twitch clients, proprietary SDKs and internal AWS services used by Twitch, other properties Twitch owns including IGDB and CurseForge, an unreleased Steam competitor (codenamed Vapor) from Amazon Game Studios, Twitch internal red teaming tools, as well as creator payouts that date back to 2019 up to the present.
The issue was confirmed by Twitch. In a statement, Amazon-owned streaming site said the “data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” Their teams are are currently working to investigate the incident.
In response, the company has reset all stream keys, and advised users to manually update their software. Twitch Studio, Streamlabs, Xbox, PlayStation and Twitch Mobile App users do not need to take any action for the new key to work. OBS users, on the other hand, will need to manually copy their stream key from their Twitch Dashboard.
Twitch said that they cannot yet confirm if login credentials were included in the leak. But to err on the side of caution, it might be best to change passwords and activate two-factor authentication.
Additionally, Twitch reaffirms that no credit card numbers were exposed, because they do not store full credit card numbers.