Threat Update
On Wednesday, October 6th, 2021, the streaming platform Twitch confirmed that it had been breached. The party responsible for this attack dumped 125 GB of data to the Internet on Wednesday. The dump contains highly sensitive information for the streaming platform that was posted on 4Chan for the public to review at their leisure. Customers of Twitch have also been affected, with passwords and email leaked in plain-text. We recommend changing your password to your Twitch account and enabling multifactor authentication for the account as well.
Technical Detail & Additional Information
WHAT IS THE THREAT?
The Twitch dump included source code from early beginnings, streamer payouts from 2019 onward, the Twitch clients for all platforms, various proprietary SDKs and internal AWS services used by Twitch, internal red teaming tools, and an unreleased video game storefront under development by Amazon. Plaintext passwords and emails were also found within this breach by security researchers. Twitch has disclosed that a server misconfiguration caused this allowing some data to be exposed to the internet.
WHY IS IT NOTEWORTHY?
This is especially noteworthy because it shows that even a small misconfiguration can cause a major company to have gigabytes worth of data leaked. Considering the popularity and size of Twitch, it should be a clear example to all as to why a server misconfiguration can cause huge issues. This breach should also be an indicator that you should always be wary of your information that may be stored by corporations, as you never know when you could be a victim in another breach.
WHAT IS THE EXPOSURE OR RISK?
Any user of Twitch could be impacted by this compromise. Users of Twitch should reset their passwords immediately, as well as any streaming keys they may have if they are a popular streamer. You should immediately change the passwords for other accounts if you use the same password that you use on Twitch. Users of Twitch should be wary of any threat actors utilizing leaked information to perform a phishing attack against them as well.
WHAT ARE THE RECOMMENDATIONS?
Barracuda MSP recommends the following actions to limit the impact of this breach:
- Confirm your servers are configured properly so as to prevent a breach occurring on your company as well
- Reset your Twitch account password and other accounts that may use the same password.
- If you have connected any additional accounts to your Twitch account (i.e. your Amazon account), please reset those account passwords as well.
- Enable multifactor authentication for all accounts that you may have to keep a strong security posture
REFERENCES
For more in-depth information about the recommendations, please visit the following links:
- https://kotaku.com/report-twitch-is-hacked-and-its-source-code-is-in-the-1847808252
- https://threatpost.com/twitch-leak-emails-passwords/175390/
- https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/
If you have any questions, please contact our Security Operations Center.