• News

Massive Twitch 4chan leak includes list of the top 10,000 streamer payouts

A major data leak at Amazon and Twitch has exposed a great deal of information, allegedly including Twitch's source code and its top creator payouts.

TJ Denzer

October 6, 2021 7:20 AM

61

UPDATED (10/6/2021 @ 2:00 a.m. PT): Twitch has since confirmed on Twitter that a breach did indeed of data did indeed take place and has taken steps to attempt to sort out the matter, promising to share updates on the situation as soon as possible.

We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.

— Twitch (@Twitch) October 6, 2021

Furthermore, recently, an anonymous source at Twitch shared with Shacknews that based on the nature, degree, and specifics of the leak, it's highly likely that the leak was internal.

It’s a rough morning for Twitch and Twitch users going into today. Apparently, overnight, hackers got into a lot of behind-the-curtain data on the Twitch platform and have posted it on 4chan. Quite a lot was claimed to have been taken in the leak. The hackers claiming responsibility claimed to have gotten at Twitch’s source code, data on its mobile, TV, and gaming clients, data of its owned subsidiaries, and even the payouts for its top streamers, which were openly shared.

This leak was reported and confirmed by various sources on October 6, 2021, including Video Games Chronicle. Reportedly, a torrent file of about 125GB of data was dropped on 4chan, which could be downloaded as of this morning to access a deluge of content relating to Twitch. Among that information was the 2019 payout reports for top streamers like Shroud and CohhCarnage. VGC was told by anonymous sources that the leaked data was indeed legitimate and Twitch has been internally aware of the leak. The data is alleged to have been taken as recently as Monday, October 4, 2021.

An (alleged) big leak from Twitch has been posted on 4chan. pic.twitter.com/6Sdz6GyJJV

— Irrational Chad (@IrrationalChad) October 6, 2021

According to posts on 4chan, the hack included breach and exposure of the following info:

• The entirety of Twitch’s source code with comment history “going back to its early beginnings”
• Creator payout reports from 2019
• Mobile, desktop and console Twitch clients
• Proprietary SDKs and internal AWS services used by Twitch
• “Every other property that Twitch owns” including IGDB and CurseForge
• An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
• Twitch internal ‘red teaming’ tools (designed to improve security by having staff pretend to be hackers)

PSA: Not listed is the fact that apparently passwords may have also been part of the breach, as discovered by various Twitter users combing the data. As such, it is suggested that Amazon and Twitch users may want to change their passwords and enable 2-factor authentication as an extra means of security. There are guides on how to do so on Amazon and Twitch readily available.

Twitch has been making moves to try to stop hate raid bots recently, but there is still plenty of work to be done. The hackers claim their goal was to “foster more disruption and competition in the online video streaming space” because Twitch’s “community is a disgusting toxic cesspool.” It is unclear if these actions were in retaliation for the hate raid bots or in support of them. Nonetheless, a password change may be in order as Twitch and Amazon sort out their situation.

TJ Denzer

Senior News Editor

TJ Denzer is a player and writer with a passion for games that has dominated a lifetime. He found his way to the Shacknews roster in late 2019 and has worked his way to Senior News Editor since. Between news coverage, he also aides notably in livestream projects like the indie game-focused Indie-licious, the Shacknews Stimulus Games, and the Shacknews Dump. You can reach him at tj.denzer@shacknews.com and also find him on BlueSky @JohnnyChugs.