[TheRecord] Anonymous leaks Twitch source code and business data on 4chan

Individuals claiming to be part of the Anonymous hacker collective have leaked the source code and business data of video streaming platform Twitch via a torrent file posted on the 4chan discussion board earlier today.

Anonymous said they leaked the data as a response to the recent “hate raids” —coordinated bot attacks posting hateful and abusive content in Twitch chats— that have plagued the platform’s top streamers over the summer.

“Their community is […] a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the leakers said earlier today.

The Record has downloaded parts of the 128 GB torrent file shared by the leakers in order to confirm its authenticity.

Image: The Record

The content of the leak is in tune with what the hacktivists claimed to have shared earlier today, quoted below:

Entirety of Twitch.tv, with commit history going back to its early beginningsMobile, desktop and video game console Twitch clientsVarious proprietary SDKs and internal AWS services used by TwitchEvery other property that Twitch owns including IGDB and CurseForgeAn unreleased Steam competitor from Amazon Game StudiosTwitch SOC internal red teaming tools (lol)AND: Creator payout reports from 2019 until now. Find out how much your favorite streamer is really making!

Among the treasure trove of data, the most sensitive folders are the ones holding information about Twitch’s user identity and authentication mechanisms, admin management tools, and data from Twitch’s internal security team, including white-boarded threat models describing various parts of Twitch’s backend infrastructure [see redacted image below].

Image: The Record
Image: The Record

While at the time of writing, The Record was unable to find personal details for any Twitch users, the leak also contained payout schemes for the platform’s top streamers.

The data, which we will not be linking or sharing in any way, is exposing the monthly revenues for some of the platform’s biggest earners, some of which reach six-figure sums; data that could be a boon for extortionists and criminal groups.

A Twitch spokesperson did not immediately return a request for comment regarding today’s leak.

The source of the leak is currently believed to be an internal Git server. Git servers are typically used by companies to allow large teams of programmers to make controlled and easily reversible changes to source code repositories.

The leak was also labeled as “part one,” suggesting that more data will be leaked in the future.

Although no user data was found in the leak, several security researchers have urged users to change their passwords and enable a multi-factor authentication solution for their account as a precaution.

The leak comes a month after thousands of Twitch streams organized the #ADayOffTwitch walkout on September 1, refusing to stream in response to the ever-increasing hate raids.

In August, Twitch promised to address the hate raids in a message posted on Twitter, asking for patience as the spam attacks did not have “a simple fix.”

Developing story. More updates will likely follow through the day.

The post Anonymous leaks Twitch source code and business data on 4chan appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[SecurityWeek] At Least 30,000 Internet-Exposed Exchange Servers Vulnerable to ProxyShell Attacks

All posts, Security Week

Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ZDNet] Raccoon stealer-as-a-service will now try to grab your cryptocurrency

All posts, ZDNet

The malware has been upgraded to target even more financial information. Source: Read More (Latest topics for ZDNet in Security)

Read More

[BleepingComputer] Apple fixes iOS zero-day used to deploy NSO iPhone spyware

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. […] Source: Read More (BleepingComputer)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.