A hacker or group of hackers has posted a link to a torrent on 4chan that is purported to be the entire source code for the website Twitch. Twitch, a streaming platform that is extremely popular among esports enthusiasts and some of the biggest streamers in the world, has confirmed that the hack was legitimate via an official tweet.
One of the hackers posted to 4chan, confirming that their leak contained the “entirety of twitch.tv, with commit history going back to its early beginnings,” which even includes evidence of an “unreleased Steam competitor from Amazon Game Studios.” That unreleased Steam competitor is reportedly codenamed Vapor, but it’s unclear if that’s meant to be a placeholder name or if it is what Twitch’s owner, Amazon, actually planned to name the service.
Perhaps the most impactful part of the hack is that it includes the creator payouts that Twitch has sent to streamers since 2019. This allows anyone online to take a peek directly into the finances of every single Twitch streamer, from the smallest channels up to the most popular.
The hackers gave their reasoning for targeting Twitch as a desire to “foster more disruption and competition in the online video streaming space.” Moreover, the hackers suggested that the hack was at least partly due to their distaste for Twitch as a platform, harshly referring to it as a “disgusting toxic cesspool.”
Independent third parties have confirmed that the torrent link posted by the hackers is real and that it allows anyone who accesses it to download the entirety of Twitch. The hack comes on the heels of the recent popularity of the hashtag “#TwitchDoBetter,” which has trended as some users call on the streaming site to address a myriad of issues they perceive on the platform.
Since the security breach includes the usernames of everyone who has ever used Twitch, it’s safe to assume that the hackers and anyone who downloads the torrent could have access to user information. This means, at the very least, that users will want to change their Twitch passwords.
Likewise, if you don’t already use two-factor authentication on your Twitch account, now is the time to set that up. If you do already use two-factor authentication, you might want to switch the authentication avenue. For instance, if you use your phone right now, consider switching to using an email address. This is because hackers would presumably be able to see what kind of authentication you had set up when the leak took place.