[TheRecord] Twitch says no user passwords or card numbers were exposed in major hack

In the aftermath of a major security breach that came to light yesterday, Twitch has now issued a formal statement to assure users that no passwords or payment card numbers were stolen or leaked online.

“At this time, we have no indication that login credentials have been exposed,” the company said in a blog post today.

“Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” it added.

Twitch said it also reset all stream keys as a result of the incident. Users who stream on the site would most likely need to obtain a new one from their Twitch profile backends.

The Amazon-owned company said that while it is still investigating the breach, it believes the breach occurred because of “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.”

That third party collected data from Twitch’s backend systems and released “part one” via a torrent file shared on 4chan.

The data trove, downloaded and analyzed by The Record, contained the source code for the Twitch.tv portal, backend applications and programming libraries, unreleased projects, and security and user management tools, as well as details about payouts to all Twitch users who are part of the company’s creator program.

The leaker promised to release more data but did not provide a timeline. The threat actor said they leaked the data as a response to Twitch’s poor handling of “hate raids,” bot attacks that have flooded the chats of top streamers with abusive content.

Twitch’s explanation for the cause of the breach is consistent with what Thomas Shadwell, who founded Twitch’s security team in 2014, told ISMG in an interview yesterday, namely that Twitch developers used security keys to authenticate, suggesting the leak could have occurred via a server issue, rather than a compromised employee account.

The post Twitch says no user passwords or card numbers were exposed in major hack appeared first on The Record by Recorded Future.
