Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
RealityWarCriminal
Aug 10, 2016

all war is crime
still cute tho


Twitch got hacked and 125gb, everything, was posted

https://twitter.com/Twitch/status/1445770441176469512

https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor

quote:

Twitch appears to have been hacked, leaking source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts. An anonymous poster on the 4chan messaging board has released a 125GB torrent, which they claim includes the entirety of Twitch and its commit history.

The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.” The Verge is able to confirm that the leak is legitimate, and includes code that is as recent as this week. Video Games Chronicle first reported details on the leak earlier today.

Twitch has confirmed it has suffered a data breach, and the company says it’s “working with urgency to understand the extent of this.”

The leak includes the following:

3 years worth of details regarding creator payouts on Twitch.
The entirety of twitch.tv, “with commit history going back to its early beginnings.”
Source code for the mobile, desktop, and video game console Twitch clients.
Code related to proprietary SDKs and internal AWS services used by Twitch.
An unreleased Steam competitor from Amazon Game Studios.
Data on other Twitch properties like IGDB and CurseForge.
Twitch’s internal security tools.
The leak is labelled as “part one,” suggesting there could be more to come. Video Games Chronicle reports that Twitch is aware of the breach, but the company has not yet informed its userbase.


all your favorites are implicated
https://twitter.com/KnowS0mething/status/1445663228831297545


cybersecurity experts are saying this is a big one, and the leakers suggested a part two. Twitch is a big platform and owned by Amazon, one of the biggest companies in the world. Amazon does most of its gaming business through twitch. a breach of this size against this big of a target is very significant.

They say personal information is unaffected. seems unlikely. a lot of goons stream so this may afect you.

Feel free to discuss the hack, the steam competitor, and gaming streaming. twitch is a broad platform with many facets.

Adbot
ADBOT LOVES YOU

Mode 7
Jul 28, 2007



At the level of compromise that would have been required to exfiltrate this amount of sensitive data I would be incredibly surprised if personal data wasn't taken with it.

If you have a Twitch account, change your password on it immediately and assume that any personal info associated with it is in the wild.

Coolguye
Jul 6, 2011

Required by his programming!



for whatever this is worth, imo not much since these are the same clownshoed dingbats that lost every secret they were supposed to protect.

well, no, i actually do believe the credit card piece. most businesses now just authorize a card and store the payment token because that means they don't have to prove PCI compliance; they never store the credit card numbers to begin with unless they absolutely cannot help it.

RPATDO_LAMD
Mar 22, 2013



AFAIK the hackers specifically scrubbed personal user data out of the giant data dump they released.
But that's only the public release, of course they still had a private version with all of that still in it.

Captain Invictus
Apr 5, 2005


Clever Betty

I like that Jerma is in the top 100, but only just.

I haven't seen the list besides that top 100 one, but I heard most of the vshojo girls are pulling in quite good numbers, Ironmouse being the top vtuber on twitch is nice to hear, she's great, especially with her medical costs.

Vinny and Joel being high up is nice to hear too, they both absolutely deserve it.

I'm not really offended or disappointed or whatever in the leaks like some people apparently are(popular content creators make money, surprise!), but I guess some of the top earners make a lot of their money while promoting what is essentially gambling to children? is that true?


and based on amazon's handling of gaming anything so far, I am very curious as to how much of a trainwreck this anti-steam project will be

Item Getter
Dec 14, 2015


quote:

The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.”

Do hackers who post on 4chan really say things like this? It sounds like the kind of thing an executive at a Silicon Valley startup would say

Play
Apr 25, 2006

So I roll with the rolling thunder
And I howl with the howling wind
And I drift downstream
For as long as it takes
To get up and around the bend


Item Getter posted:

Do hackers who post on 4chan really say things like this? It sounds like the kind of thing an executive at a Silicon Valley startup would say

It's an after-the-fact justification that seems vaguely plausible, which is all it's supposed to be. Of course, it won't actually do anything like that.

I don't care since I couldn't care less about streaming anyways, and I think shedding a little light on some opaque dealings is always a good thing.

30.5 Days
Nov 19, 2006


RPATDO_LAMD posted:

AFAIK the hackers specifically scrubbed personal user data out of the giant data dump they released.
But that's only the public release, of course they still had a private version with all of that still in it.

It's worth noting what this means- "personal user data" that was scrubbed means stuff scrubbed out of the dumped source code, like `//TODO Bob Jones - please remove mysql passwords from this source code`. There's plenty of reason to believe that htey don't have any customer personal data beyond what was posted, because twitch actually does secure PII pretty aggressively. Everything posted so far is stuff that most engineers at twitch have access to. This makes me think it's current employee, but if so they're loving stupid because they will be caught more or less immediately.

Subjunctive
Sep 12, 2006

sparkle and shine



Coolguye posted:

well, no, i actually do believe the credit card piece. most businesses now just authorize a card and store the payment token because that means they don't have to prove PCI compliance; they never store the credit card numbers to begin with unless they absolutely cannot help it.

They still have to be PCI compliant, but it’s easier to do if you’re storing payment tokens than if you’re storing full cardholder data.

Jerusalem
May 20, 2004

Would you be my new best friends?



Captain Invictus posted:

and based on amazon's handling of gaming anything so far, I am very curious as to how much of a trainwreck this anti-steam project will be

Yeah, I'm not really all that interested in how much streamers are making but the bit about Amazon wanting to make their own version of Steam just fills me with a kind of exhausted dread.

John Murdoch
May 19, 2009

I can tune a fish.


Tbh I don't know why people find that surprising considering at one point they switched over from a standalone Twitch client to the Amazon Games Platform (which was basically the same drat thing anyway), and is itself only notable because that's how you get access to all those free Twitch Prime games you probably forgot you have.

Coolguye
Jul 6, 2011

Required by his programming!


Subjunctive posted:

They still have to be PCI compliant, but it’s easier to do if you’re storing payment tokens than if you’re storing full cardholder data.

right, sure. my point was that the PCI compliance steps for not storing any live payment information are so simple they might as well not exist anyway.

RealityWarCriminal
Aug 10, 2016

all war is crime
still cute tho


You used to be able buy games through the Twitch client. At a certain point all you're doing is providing data, and Amazon is good at that. Steam used to sell movies too.

There's also Amazon Luna, the stadia+gamepass thing they're trying. I don't think they'll have any more luck with cloud gaming that all the other failed attempts had.

RealityWarCriminal fucked around with this message at 06:43 on Oct 8, 2021

Vizuyos
Jun 17, 2020

Thank U for reading

If you hated it...
FUCK U and never come back


It seems like the hackers still have access to something, because a wacky Jeff Bezos face was added to the background of popular game pages last night.

https://twitter.com/Vahn16/status/1446502409455513603

Not exactly inspiring confidence in Twitch, to say the least.

StoryTime
Feb 26, 2010

Now listen to me children and I'll tell you of the legend of the Ninja

A lot of their proprietary source code was leaked, I'm sure there are millions of eyes on it right now to find all kinds of fun activities to do. It's an exciting time for the platform and all who depend on it!

CottonWolf
Jul 20, 2012

Good ideas generator



Mode 7 posted:

At the level of compromise that would have been required to exfiltrate this amount of sensitive data I would be incredibly surprised if personal data wasn't taken with it.

I am incredibly fascinated as to how exactly they pulled it off. Getting this deep feels like it must have been a social engineering thing, and they managed to get hold of an admin password or something.

Subjunctive
Sep 12, 2006

sparkle and shine



Or an inside attacker/accomplice.

eonwe
Aug 11, 2008



Lipstick Apathy

i just assumed a disgruntled employee was involved

Vadun
Mar 9, 2011

I'm hungrier than a green snake in a sugar cane field.



Something like this is usually "Dude with engineering credentials gets phished, they get into something that doesn't require 2factor and drop a webshell"

30.5 Days
Nov 19, 2006


Vadun posted:

Something like this is usually "Dude with engineering credentials gets phished, they get into something that doesn't require 2factor and drop a webshell"

It's probably like this- everything released so far has been things all engineers at twitch have access to, few engineers at twitch have access to personal data aside from performance metrics of streamers, like payouts, views, etc.

Nyaa
Jan 7, 2010
Like, Nyaa.

:colbert:


Any info on how twitch handle old vod? Does it immediately delete them right pass 2 months?

Adbot
ADBOT LOVES YOU

Vizuyos
Jun 17, 2020

Thank U for reading

If you hated it...
FUCK U and never come back


Nyaa posted:

Any info on how twitch handle old vod? Does it immediately delete them right pass 2 months?

It deletes them after either 2 weeks or 2 months, depending on what combination of account benefits and premium features the streamer has. I severely doubt it secretly holds onto them for much longer.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply