Here’s what you need to know about Twitch’s latest hack incident

Twitch

Twitch has confirmed on Wednesday that a group of hackers were able to access the streaming company’s servers due to a misconfiguration change.  

“We can confirm a breach has taken place,” Twitch’s official team tweeted. “Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available.” 

Twitch explained that the cybercriminals accessed internal company “due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” The company says it has “no indication that login credentials have been exposed,” and that “full credit card numbers were not exposed.” 

So far, the information that got leaked are the company’s source code for its’ streaming service, unreleased Steam competitor from Amazon Game Studios, as well as details of creator payouts. 

“An anonymous poster on the 4chan messaging board released a 125GB torrent earlier today, which they claim includes the entirety of Twitch and its commit history,” according to The Verge. 

What makes this hack incident particularly interesting, is the fact that it’s labeled as “part one” by the hackers, which suggest that there’s more to it. While personal details including how much the creators are getting paid were leaked, other information like passwords, addresses, or email accounts of Twitch users are still intact. 

“The leaker appears to have focused on sharing Twitch’s own company tools and information, rather than code that would include personal accounts,” The Verge added. 

As Twitch’s team works with full urgency to fix the problem, it remains unclear the amount of data that has been accessed. However, Twitch has reset all stream keys on its service. 

“Out of an abundance of caution, we have reset all stream keys,” an email to all Twitch streamers noted. 

If you’re an avid Twitch user or content creator, it’s recommended that you change your Twitch password and enable two-factor authentication if you haven’t already done so.