Twitch says ‘server configuration change’ led to massive data leak

Twitch has released an update on a massive hack that appears to have exposed source code, streamer payment figures and other information. It said that data was exposed to the internet “due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” It added that its teams are working with “urgency” to investigate the attack. 

The Amazon-owned streaming site added that it has “no indication” that any login credentials, including passwords, were exposed. “Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” the company said.

Yesterday, attackers said they stole the “entirety of Twitch.tv,” including the site’s mobile, desktop and console Twitch clients. It also accessed proprietary SDKs and internal AWS services, red-teaming tools and more. All of that information could make Twitch vulnerable to future attacks by letting potential hackers probe for weaknesses. 

The leak also shows creator payments in the millions for streamers like xQc, Nickmercs and Shroud. Several have confirmed that the figures are accurate. 

Twitch said that the investigation is ongoing. “We are still in the process of understanding the impact in detail,” the company wrote.