Twitch, Amazon’s video game live streaming service, appears to have had a major security breach. Twitch source code and user data, including 3 years worth of streamer payout figures, have been posted on a 4chan message board. The 125GB leak appears to include the entirety of Twitch.tv’s front and backend codebase, and includes code that is as recent as this week. It also includes Twitch’s own internal security tools.
It’s unclear at this time if the leak includes user passwords or other sensitive user information, but the leak is labeled as “part one,” so it seems like more data was taken than has been made public. If you have a Twitch account, it would be a good idea to go in and change your password, at the very least, and turn on two-factor authentication.
If you installed the Twitch app on a whim on any of your devices and you don’t really use it much, you may want to just uninstall it for the time being, until the fallout of this leak is better known. Twitch’s app source code is included in the leak, so, while unlikely, the leak may lead to new attack vectors for devices with the app installed.
Included in the leak is code for an unreleased game store, codenamed Vapor, which seems to be Amazon’s upcoming competitor to Valve’s Steam app. The project appears to integrate many of Twitch’s community features and appears to include Unity-powered chat software/game called Vaporworld.