Twitch Hack: Creator Payout Details and Source Code Leaked for Free

Updated: 7 October 2021
Updated: 7 October 2021

Fact-checked by

Popular video game streaming service Twitch appears to have been hacked “in its entirety”, according to an anonymous hacker on 4Chan. The hacker posted a torrent file of 125G that contains source code as well as information on creator payouts.

The anonymous hacker commented on 4Chan that the reason for the leak was to “foster more disruption and competition in the online video streaming space.”

Privacy Affairs downloaded the entire 125GB and we can confirm that the leak is authentic. It appears to contain data from as recent as last week and goes back as far as 2019.

Update: A former Twitch software engineer confirmed the authenticity of the leak

Update 2: Several Twitch streamers on Twitter have confirmed that the leaked creator payout details are accurate

The leak includes the following information:

  • Creator payout details going back 3 years (incl. exact amounts paid out to individual creators)
  • The entirety of twitch.tv, “with commit history going back to its early beginnings
  • Source code for the mobile, desktop, and video game console Twitch clients
  • Code related to proprietary SDKs and internal AWS services used by Twitch
  • A Steam competitor currently unreleased
  • Twitch properties data like IGDB and CurseForge
  • Internal Twitch security tools

Twitch Hacked

The poster is joking that Amazon’s Jeff Bezos paid $970 million to buy Twitch, while they are leaking the “entirety of twitch.tv” for free.

In This Guide

More Leaks to Come?

What is more concerning is that the leak was titled “part one” on the forum board, possibly indicating that there might be a part two with more information to come.

Based on our analysis no compromising user information such as passwords were included in this leak.

However it cannot be ruled out that the hackers haven’t obtained this data, but opted not to release it at this time. If more leaks are to come, they may include sensitive account data such as passwords.

While it is not certain, data such as user passwords may be released in the potential “part two” of this leak that is hinted at by the anonymous hacker.

Twitch users are highly advised to immediately change their passwords and enable two-factor authentication.

Furthermore, account holders using the same Twitch email and password combination on sites and apps, are advised to change their passwords on every other platform as well.

The leaked data also seems to include user identity and authentication mechanisms (without passwords) as well as admin management tools.

It’s believed that the source of the leak was an internat Git server used by Twitch. These servers are used by companies with large teams of developers to easily implement core updates and made rollbacks when necessary to source code repositories.

We will update this story as new information emerges.

We are still analyzing the large 125GB of leaked data.

Twitch Hack

Written by: Miklos Zoltan

Connect with the author:

Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

In This Guide

Leave a Reply

Your email address will not be published.