A brief recent history of Twitch
Twitch is the internet’s most popular live streaming platform. While the site’s content and user base is predominantly associated with video game streaming and gamer culture, Twitch is also home to musicians and other creators who use the site to connect with fans and build communities around their work.
In 2014, Twitch was purchased by Amazon for $970 million in cash.
As with any social platform, Twitch has found itself periodically mired in controversy as it has gained popularity. This has become especially true over the course of the COVID-19 pandemic, as the site experienced an explosion in growth and exposure when creators flocked to the site, cutoff from other means of personally engaging with their supporters.
From speculation about the company’s reluctance to punish or distance itself from some of its most lucrative but controversial streamers to the prevalence of hate speech and misogyny on the platform, Twitch has frequently struggled to thread the needle between maintaining growth and avoiding the pitfalls that social media outlets like Facebook and Twitter consistently reel from.
Many streamers have found themselves confused as the company seems to dole out the laws vaguely described in its labyrinthian terms of service agreement with little to no explanation. Many users have been left demonetized or exiled from the site with no means to understand how to get back into the company’s good graces or what they did to deserve punishment.
While YouTube and Facebook have been building their own steadily growing streaming platforms, Twitch remains the undisputed king of the industry with more than 7 million broadcasters using the site every month. Its leading position, as well as its association with Amazon’s powerful tools and resources, has made the recent hack of the platform all the more shocking.
The Twitch hack
On the morning of October 6th, 2021, a post appeared on 4chan, a frequently controversial online forum and message board, in which an anonymous user brandished a 255 GB file that they claimed to contain Twitch’s entire source code as well as information associated with the earnings of the platform’s top streamers, mobile, desktop and video game console Twitch clients and an unreleased video game downloading platform being created by Amazon Game Studios to directly compete with Steam.
The data load was described by the poster as “part one” of a large leak that they referred to as “poggers,” a slang term used frequently within Twitch communities to describe an exciting occurrence.
Hours later, Twitch released a statement via Twitter confirming that the hack was legitimate and that they were working “with urgency to understand the extent” of the breach.
Two days later, on October 8th, Twitch was defaced with Amazon founder Jeff Bezos’ face displaying a surprised expression occupying the background of a number of the site’s pages. While it is unclear if this was directly related to the leak of the platform’s source code, many fear that it may be only the beginning of hackers meddling in the site’s works and potentially figuring out how to cripple the platform or procure sensitive information related to its users. The speed at which the site was able to be defaced, and the fact that Bezos’ face remained visible for two hours, alarmed many.
Some also speculate that a hard look at Twitch’s code may reveal vulnerabilities present in other Amazon associated sites and platforms.
Who is responsible for the Twitch hack?
Currently, those responsible for hacking Twitch remain anonymous. It is safe to assume that their identity will be discovered as Amazon throws its finances and influence behind an investigation.
How was Twitch hacked?
Twitch has remained mum thus far on any details regarding how an unauthorized person would be able to access and download the site’s source code.
Why was Twitch hacked?
Thus far, what little the perpetrators have offered regarding their reason for hacking Twitch in their post implies that they are working from a “hacktivist” mindset.
Describing the platform as “a disgusting toxic cesspool,” the hackers state that they wish to “foster more disruption and competition in the online video streaming space.”
Included in the post was the hashtag #DoBetterTwitch. A similar hashtag, #TwitchDoBetter, was trending earlier this summer in response to the platform’s perceived reluctance or outright inability to prevent marginalized streamers from having their chat feed inundated with harassment and hate speech.
It is unclear if the perpetrators inaccurately phrased the #DoBetterTwitch hashtag intentionally to mock those who have been victimized by abusive Twitch users or merely made an accidental error and intended to show support for marginalized people on the platform.
The fact that the hack was disclosed on 4chan, a completely anonymous online forum that has gained notoriety for harboring far right ideologies, hate speech and white nationalist content, only serves to further confuse the meaning behind the hack’s intentions. Engaging with 4chan at all can be seen as counter to any effort made to level the playing field for minority streamers.
The use of outdated gamer slang also casts some suspicion on just how familiar these hackers may be with Twitch’s user base and their assumed age.
The release and celebration of payout information associated with Twitch’s biggest streamers is also a confusing development. Did the hackers release the information in order to undermine confidentiality agreements these streamers have with Twitch regarding their pay in order to allow other platforms to make competitive offers? Or, did they release the data in order to spread discontent among streamers and chaos within Twitch? The fact that the data shows that many among the site’s top streamers make less than minimum wage when considering the hours they put into the platform only serves to further muddy the hackers’ intended reaction to the leak. That is, of course, assuming that they had one in mind at all.
At this point in time, it would appear as though the hackers responsible are seeking to damage Twitch and Amazon, seemingly with little regard as to how this may affect the platform’s community.
As it currently stands, most Twitch users have not been affected by the hack. High profile streamers have had to answer to and respond to questions about and reactions to their salaries, but the site remains completely functional and has experienced no downtime or disruption. Needless to say, the same cannot be said about the thin ice that the company had already found its reputation on over the past year.
Twitch recommends that all users update their passwords immediately. While the leak thus far does not include the kind of data that can be used to steal someone’s identity, the unpredictable nature of the dark web and the confusing motivations of the hackers responsible demands an excess of caution. The company has also reset user stream keys.
While Twitch has made a few statements regarding the hack via social media, the company has provided no comment on the site’s Bezos-themed defacement and is reportedly operating under the assumption that all of their systems have been compromised. Employees are said to not be permitted to speak about the hack outside of the company or even while using potentially compromised internal means such as Slack.
While it remains to be seen how Twitch’s source code and data was acquired, many hacks of large, multimillion dollar companies occur simply because they failed to adhere to the same basic cybersecurity rules that apply to businesses of all sizes:
- Use strong passwords. Be sure to create strong, random login credentials. Change your passwords frequently and do not share them with others.
- Delete your cookies. Cookies are pieces of information that websites use to keep track of you. This data can potentially be used by hackers for nefarious purposes. Clear the cookies saved in your browser once every couple of weeks.
- Ditch the old hardware. Replace outdated hardware with refurbished firewalls or network switches from a reputable dealer.
- Conceal your activity with a VPN. Using a VPN is a great way to keep your network hidden from hackers. Needless to say, multi factor identification can make the difference between safety and stolen data.
- October 2021 Twitch source code, earnings hack explained by Nicole Carpenter, 6 Oct 2021, Polygon
- Huge data breach CONFIRMED & streamers mock controversy over earnings from leak by Milica Cosic, 7 Oct 2021, The Scottish Sun
- Many top Twitch streamers don’t make minimum wage, and 3 new takeaways from the Twitch hack by Nathan Grayson, 8 Oct 2021, The Washington Post
- Twitch Hacker Releases Source Code For Streaming Platform by John Walker, 6 Oct 2021, Kotaku
- Twitch’s Kevin Lin: This is what it’s like to have Amazon buy your company by Leah Ginsberg, 16 June 2017, CNBC
- Twitch responds to ‘Twitch Do Better’ movement with improved chat filters by Ash Parrish, 11 Aug 2021, The Verge
- Twitch defaced with pictures of Jeff Bezos by Tom Warren, 8 Oct 2021, The Verge
It’s unclear just how bad the Twitch data leak is by Deepa Shivaram, 6 Oct 2021, NPR
- 4chan – Wikipedia