General

Twitch blames server error for massive data leak

Twitch blames server error for massive data leak
Henry

Livestreaming site Twitch says an "error" caused the unprecedented leak that posted vast amounts of sensitive data online this week.

The data appeared to include Twitch's internal code and documents, as well as the payments made to thousands of top streamers.

Twitch now says the breach was caused by a "server configuration change" that "exposed" some data.

But it has not confirmed if all the data posted online is genuine.

The Amazon-owned company said the breach had involved "a Twitch server configuration change that was subsequently accessed by a malicious third party".

"As the investigation is ongoing, we are still in the process of understanding the impact in detail," it said.

But as Twitch streamers and viewers alike scrambled to change passwords, the company also said it:

  • had "no indication" login details were compromised "at this time"
  • did not store users' credit-card information, so that kind of financial information could not have been exposed
  • was resetting all users' stream keys - the unique code used by streaming software to broadcast to the right Twitch account
Presentational grey line
Analysis box by Joe Tidy, Cyber reporter

Twitch's short statement shows the company is in full crisis mode.

Information-technology (IT) teams and security experts are still trying to understand just how bad the data leak is.

The explanation for the hack is there was some sort of human error with a "server configuration".

In other words, someone set up the computers that store Twitch's private data incorrectly, making it findable and downloadable to hackers.

What the company has not said is when this mistake was made.

Some of the stolen data goes back three years, so there is a chance the servers could have been sitting ducks for some time - or the mistake could have left the door open for only a few days or weeks.

Hackers are always searching and scanning for open databases online - or it is even possible someone may have tipped off hackers about the internal IT blunder.

But making these sorts of mistakes is costly - particularly when you are a target as big as Twitch.

Presentational grey line

Wednesday's leak took the form of a torrent file posted to online forums by an anonymous user.

Its file structure contains folders labelled as containing payout information, business documents, under-the-hood software files and code, and even details of unreleased projects.

And the payouts folder contains what appear to be records of payments made to thousands of the biggest streamers on the platform over two years - showing many of the biggest brands are earning millions of dollars.

Several streamers told BBC News the payment data was accurate for their own earnings.

And that poses problems for the company.

"A lot more damage is now in store for Twitch," Candid Wuest from cyber-security company Acronis, said.

"The breach is already harming Twitch on all the fronts that count."

The leaked data "could contain nearly the full digital footprint of Twitch, making it one of the most severe data breaches of late", he said.

"Releasing payout reports for streaming clients will not make the influencers happy either," Mr Wuest added.

The download released online is also labelled "part one" - suggesting there may be more material yet to be posted to the internet.

Trending News

New Year snow flurries fall across England

New Year snow flurries fall across...

Many parts of England have seen snow flurries accompany the arrival of New Year. Areas which welcomed in 2021 with several centimetres...

Covid in Scotland The people who have lost their lives to Covid 19

Covid in Scotland The people who have...

As Scotland's coronavirus death toll passes 6,000 and continues to rise, we are sharing the stories of some of those who have...

Week in pictures 5 11 December 2020

Week in pictures 5 11 December 2020...

A selection of powerful news photographs taken around the world this week. image copyrightJacob King / Reutersimage captionMargaret...

Huddersfield phone mast fire put residents at risk

Huddersfield phone mast fire put residents...

A phone mast fire led to dozens of people being evacuated from their homes in Huddersfield in the early hours.It is not yet known what...

Coronavirus Who is still flying

Coronavirus Who is still flying...

media captionInside the almost deserted Heathrow airportLondon's Heathrow airport normally has about 600 flights landing on an...

When is tax dodging illegal

When is tax dodging illegal...

There are a lot of rash statements being made about whether or not the K2 tax avoidance scheme used by Jimmy Carr was "legal".The...

Our Latest Blog

Click to read Biden election Mike Pence welcomes senators bid to derail result

Biden election Mike Pence welcomes senators bid to derail result

US Vice-President Mike Pence has welcomed an effort by a group of senators to refuse to certify Joe Biden's presidential election...

Click to read Inauguration 2021 What happens on the day Biden is sworn in

Inauguration 2021 What happens on the day Biden is sworn in

Joe Biden is US president-elect. But the Democrat won't officially make his move to the White House until inauguration day - a...

Click to read Nancy Pelosi and Mitch McConnell s homes vandalised

Nancy Pelosi and Mitch McConnell s homes vandalised

Vandals in the US have attacked the homes of the leaders of the two houses of Congress on the eve of a new session and the swearing-in...

Click to read Veteran US broadcaster Larry King in hospital with Covid

Veteran US broadcaster Larry King in hospital with Covid

Veteran broadcaster Larry King, 87, has tested positive for coronavirus and is being treated at a hospital in Los Angeles, according...

Click to read Policeman buys family food instead of arresting them for shoplifting

Policeman buys family food instead of arresting them for shoplifting

A US police officer who was called out to arrest a family suspected of shoplifting instead bought them some food so they could have...

Click to read Suspected Islamists kill dozens in attacks on two Niger villages

Suspected Islamists kill dozens in attacks on two Niger villages

Suspected Islamist militants have attacked two villages in Niger, with reports of dozens of civilians killed. Around 49 died and 17...