Twitch Hack: Creator Payout Details and Source Code Leaked for Free

Miklos Zoltan

By Miklos Zoltan . 8 August 2022

Founder - Privacy Affairs

1 Comments

Popular video game streaming service Twitch appears to have been hacked “in its entirety,” according to an anonymous hacker on 4Chan. The hacker posted a torrent file of 125G that contains source code as well as information on creator payouts.

The anonymous hacker commented on 4Chan that the reason for the leak was to “foster more disruption and competition in the online video streaming space.”

Privacy Affairs downloaded the entire 125GB, confirming that the leak is authentic. It appears to contain data from as recent as last week and goes back as far as 2019.

Update: A former Twitch software engineer confirmed the authenticity of the leak

Update 2: Several Twitch streamers on Twitter have confirmed that the leaked creator payout details are accurate

The leak includes the following information:

  • Creator payout details going back three years (incl. exact amounts paid out to individual creators)
  • The entirety of twitch.tv, “with commit history going back to its early beginnings
  • Source code for the mobile, desktop, and video game console Twitch clients
  • Code related to proprietary SDKs and internal AWS services used by Twitch
  • A Steam competitor currently unreleased
  • Twitch properties data like IGDB and CurseForge
  • Internal Twitch security tools

Twitch Hacked

The poster is joking that Amazon’s Jeff Bezos paid $970 million to buy Twitch while they are leaking the “entirety of twitch.tv” for free.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

More Leaks to Come?

What is more concerning is that the leak was titled “part one” on the dark web forum board, possibly indicating that there might be a part two with more information.

Based on our analysis, no compromising user information such as passwords were included in this leak.

However, it cannot be ruled out that the hackers haven’t obtained this data but opted not to release it. If more leaks are to come, they may include sensitive account data such as passwords.

While it is not certain, data such as user passwords may be released in the potential “part two” of this leak that is hinted at by the anonymous hacker.

Twitch users are highly advised to change their passwords and enable two-factor authentication immediately.

Furthermore, account holders using the same Twitch email and password combination on sites and apps are advised to change their passwords on every other platform as well.

The leaked data also seems to include user identity and authentication mechanisms (without passwords) and admin management tools.

It’s believed that the source of the leak was an internal Git server used by Twitch. Companies with large teams of developers use these servers to implement core updates easily and make rollbacks to source code repositories when necessary.

We will update this story as new information emerges.

We are still analyzing the large 125GB of leaked data.

Twitch Hack

Miklos Zoltan
Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Miklos Zoltan
  • Connect with the author:

1 Comment

  • Victor

    September 6, 2023 8:36 am

    Great research

Leave a Comment