What you need to know
- Twitch's entire source code has been leaked on the web.
- A huge data dump appears to include details of creator payouts and even encrypted passwords.
- You should change your Twitch password right now, and turn on 2FA.
An enormous Twitch leak has been dumped on the internet, exposing the platform's entire source code, creator payouts, passwords, and more.
https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.
Might wana change your passwords.https://t.co/7vTDeRA9vt got leaked. Like, the entire website; Source code with comments for the website and various console/phone versions, refrences to an unreleased steam competitor, payouts, encrypted passwords that kinda thing.
Might wana change your passwords.— Sinoc (@Sinoc229) October 6, 2021October 6, 2021
A 125GB torrent link was reportedly posted to 4chan on Wednesday by an anonymous hacker who said they were doing it to "foster more disruption and competition in the online video streaming space" stating "their community is a disgusting toxic cesspool".
VGC reports the data is publicly available to download (not recommended) and "one anonymous company source" told the outlet the leaked data is legitimate and even includes the source code for the entire platform. It also reportedly includes comment history, creator payout reports, and mobile and desktop clients used to power Twitch on devices like iPhone 13 and Nintendo Switch, references to an unreleased steam competitor, and more. According to the report, the data also includes encrypted passwords.
If you use Twitch, either as a creator or simply for viewing, you should definitely change your password right now, and switch on two-factor authentication just to be sure.
Twitter has confirmed this afternoon that a breach has taken place and that the platform is working with urgency to understand the extent of it.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.— Twitch (@Twitch) October 6, 2021October 6, 2021
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple.
Assuming the passwords are properly hashed it doesn't make sense that I need to change my password. Perhaps it might be prudent. My password should have about 256 bits of entropy. It is basically guaranteed that they can't brute force my password unless they find a weakness in the password generator I used.
Get the best of iMore in in your inbox, every day!
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.