[TheRecord] Anonymous leaks Twitch source code and business data on 4chan

Individuals claiming to be part of the Anonymous hacker collective have leaked the source code and business data of video streaming platform Twitch via a torrent file posted on the 4chan discussion board earlier today.

Anonymous said they leaked the data as a response to the recent “hate raids” —coordinated bot attacks posting hateful and abusive content in Twitch chats— that have plagued the platform’s top streamers over the summer.

“Their community is […] a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the leakers said earlier today.

The Record has downloaded parts of the 128 GB torrent file shared by the leakers in order to confirm its authenticity.

Image: The Record

The content of the leak is in tune with what the hacktivists claimed to have shared earlier today, quoted below:

Entirety of Twitch.tv, with commit history going back to its early beginningsMobile, desktop and video game console Twitch clientsVarious proprietary SDKs and internal AWS services used by TwitchEvery other property that Twitch owns including IGDB and CurseForgeAn unreleased Steam competitor from Amazon Game StudiosTwitch SOC internal red teaming tools (lol)AND: Creator payout reports from 2019 until now. Find out how much your favorite streamer is really making!

Among the treasure trove of data, the most sensitive folders are the ones holding information about Twitch’s user identity and authentication mechanisms, admin management tools, and data from Twitch’s internal security team, including white-boarded threat models describing various parts of Twitch’s backend infrastructure [see redacted image below].

Image: The Record
Image: The Record

While at the time of writing, The Record was unable to find personal details for any Twitch users, the leak also contained payout schemes for the platform’s top streamers.

The data, which we will not be linking or sharing in any way, is exposing the monthly revenues for some of the platform’s biggest earners, some of which reach six-figure sums; data that could be a boon for extortionists and criminal groups.

A Twitch spokesperson did not immediately return a request for comment regarding today’s leak.

The source of the leak is currently believed to be an internal Git server. Git servers are typically used by companies to allow large teams of programmers to make controlled and easily reversible changes to source code repositories.

The leak was also labeled as “part one,” suggesting that more data will be leaked in the future.

Although no user data was found in the leak, several security researchers have urged users to change their passwords and enable a multi-factor authentication solution for their account as a precaution.

The leak comes a month after thousands of Twitch streams organized the #ADayOffTwitch walkout on September 1, refusing to stream in response to the ever-increasing hate raids.

In August, Twitch promised to address the hate raids in a message posted on Twitter, asking for patience as the spam attacks did not have “a simple fix.”

Developing story. More updates will likely follow through the day.

The post Anonymous leaks Twitch source code and business data on 4chan appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] FBI: Hackers used malicious PHP code to grab credit card data

All posts, ZDNet

Unidentified attackers accessed credit card data and created a backdoor into the victim’s systems, says law enforcement agency. Source: Read More (Latest topics for ZDNet in Security)

Read More

[SecurityWeek] Spyware Find Highlights Depth of Hacker-for-Hire Industry

All posts, Security Week

Security researchers said Thursday they found two kinds of commercial spyware on the phone of a leading exiled Egyptian dissident, providing new evidence of the depth and diversity of the abusive hacker-for-hire industry. read more Source: Read More (SecurityWeek RSS Feed)

Read More

Daily NCSC-FI news followup 2021-10-25

Microsoft says Russia hacked at least 14 IT service providers this year therecord.media/microsoft-says-russias-apt29-hacked-at-least-14-it-service-providers-this-year/ Microsoft said on Monday that a Russian state-sponsored hacking group known as Nobelium had attacked more than 140 IT and cloud services providers, successfully breaching 14 companies. NOBELIUM targeting delegated administrative privileges to facilitate broader attacks www.microsoft.com/security/blog/2021/10/25/nobelium-targeting-delegated-administrative-privileges-to-facilitate-broader-attacks/ The targeted activity has been […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.