|
Twitch got hacked and 125gb, everything, was posted https://twitter.com/Twitch/status/1445770441176469512 https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor quote:Twitch appears to have been hacked, leaking source code for the company’s streaming service, an unreleased Steam competitor from Amazon Game Studios, and details of creator payouts. An anonymous poster on the 4chan messaging board has released a 125GB torrent, which they claim includes the entirety of Twitch and its commit history. all your favorites are implicated https://twitter.com/KnowS0mething/status/1445663228831297545 cybersecurity experts are saying this is a big one, and the leakers suggested a part two. Twitch is a big platform and owned by Amazon, one of the biggest companies in the world. Amazon does most of its gaming business through twitch. a breach of this size against this big of a target is very significant. They say personal information is unaffected. seems unlikely. a lot of goons stream so this may afect you. Feel free to discuss the hack, the steam competitor, and gaming streaming. twitch is a broad platform with many facets.
|
#
?
Oct 7, 2021 01:29
|
|
|
|
| # ? Apr 19, 2024 07:50 |
|
|
At the level of compromise that would have been required to exfiltrate this amount of sensitive data I would be incredibly surprised if personal data wasn't taken with it. If you have a Twitch account, change your password on it immediately and assume that any personal info associated with it is in the wild.
|
|
#
?
Oct 7, 2021 04:32
|
|
|
 for whatever this is worth, imo not much since these are the same clownshoed dingbats that lost every secret they were supposed to protect. well, no, i actually do believe the credit card piece. most businesses now just authorize a card and store the payment token because that means they don't have to prove PCI compliance; they never store the credit card numbers to begin with unless they absolutely cannot help it.
|
|
#
?
Oct 7, 2021 06:59
|
|
|
AFAIK the hackers specifically scrubbed personal user data out of the giant data dump they released. But that's only the public release, of course they still had a private version with all of that still in it.
|
|
#
?
Oct 7, 2021 07:35
|
|
|
I like that Jerma is in the top 100, but only just. I haven't seen the list besides that top 100 one, but I heard most of the vshojo girls are pulling in quite good numbers, Ironmouse being the top vtuber on twitch is nice to hear, she's great, especially with her medical costs. Vinny and Joel being high up is nice to hear too, they both absolutely deserve it. I'm not really offended or disappointed or whatever in the leaks like some people apparently are(popular content creators make money, surprise!), but I guess some of the top earners make a lot of their money while promoting what is essentially gambling to children? is that true? and based on amazon's handling of gaming anything so far, I am very curious as to how much of a trainwreck this anti-steam project will be
|
|
#
?
Oct 7, 2021 13:05
|
|
|
quote:The poster claims the leak is designed to “foster more disruption and competition in the online video streaming space.” Do hackers who post on 4chan really say things like this? It sounds like the kind of thing an executive at a Silicon Valley startup would say
|
|
#
?
Oct 7, 2021 14:11
|
|
|
Item Getter posted:Do hackers who post on 4chan really say things like this? It sounds like the kind of thing an executive at a Silicon Valley startup would say It's an after-the-fact justification that seems vaguely plausible, which is all it's supposed to be. Of course, it won't actually do anything like that. I don't care since I couldn't care less about streaming anyways, and I think shedding a little light on some opaque dealings is always a good thing.
|
|
#
?
Oct 7, 2021 17:31
|
|
|
RPATDO_LAMD posted:AFAIK the hackers specifically scrubbed personal user data out of the giant data dump they released. It's worth noting what this means- "personal user data" that was scrubbed means stuff scrubbed out of the dumped source code, like `//TODO Bob Jones - please remove mysql passwords from this source code`. There's plenty of reason to believe that htey don't have any customer personal data beyond what was posted, because twitch actually does secure PII pretty aggressively. Everything posted so far is stuff that most engineers at twitch have access to. This makes me think it's current employee, but if so they're loving stupid because they will be caught more or less immediately.
|
|
#
?
Oct 7, 2021 20:14
|
|
|
Coolguye posted:well, no, i actually do believe the credit card piece. most businesses now just authorize a card and store the payment token because that means they don't have to prove PCI compliance; they never store the credit card numbers to begin with unless they absolutely cannot help it. They still have to be PCI compliant, but it’s easier to do if you’re storing payment tokens than if you’re storing full cardholder data.
|
|
#
?
Oct 8, 2021 01:12
|
|
|
Captain Invictus posted:and based on amazon's handling of gaming anything so far, I am very curious as to how much of a trainwreck this anti-steam project will be Yeah, I'm not really all that interested in how much streamers are making but the bit about Amazon wanting to make their own version of Steam just fills me with a kind of exhausted dread.
|
|
#
?
Oct 8, 2021 03:05
|
|
|
Tbh I don't know why people find that surprising considering at one point they switched over from a standalone Twitch client to the Amazon Games Platform (which was basically the same drat thing anyway), and is itself only notable because that's how you get access to all those free Twitch Prime games you probably forgot you have.
|
|
#
?
Oct 8, 2021 05:25
|
|
|
Subjunctive posted:They still have to be PCI compliant, but it’s easier to do if you’re storing payment tokens than if you’re storing full cardholder data. right, sure. my point was that the PCI compliance steps for not storing any live payment information are so simple they might as well not exist anyway.
|
|
#
?
Oct 8, 2021 05:28
|
|
|
You used to be able buy games through the Twitch client. At a certain point all you're doing is providing data, and Amazon is good at that. Steam used to sell movies too. There's also Amazon Luna, the stadia+gamepass thing they're trying. I don't think they'll have any more luck with cloud gaming that all the other failed attempts had. RealityWarCriminal fucked around with this message at 07:43 on Oct 8, 2021 |
|
#
?
Oct 8, 2021 07:39
|
|
|
It seems like the hackers still have access to something, because a wacky Jeff Bezos face was added to the background of popular game pages last night. https://twitter.com/Vahn16/status/1446502409455513603 Not exactly inspiring confidence in Twitch, to say the least.
|
|
#
?
Oct 8, 2021 17:10
|
|
|
A lot of their proprietary source code was leaked, I'm sure there are millions of eyes on it right now to find all kinds of fun activities to do. It's an exciting time for the platform and all who depend on it!
|
|
#
?
Oct 8, 2021 17:22
|
|
|
Mode 7 posted:At the level of compromise that would have been required to exfiltrate this amount of sensitive data I would be incredibly surprised if personal data wasn't taken with it. I am incredibly fascinated as to how exactly they pulled it off. Getting this deep feels like it must have been a social engineering thing, and they managed to get hold of an admin password or something.
|
|
#
?
Oct 10, 2021 18:27
|
|
|
Or an inside attacker/accomplice.
|
|
#
?
Oct 10, 2021 18:31
|
|
|
i just assumed a disgruntled employee was involved
|
|
#
?
Oct 10, 2021 18:33
|
|
|
Something like this is usually "Dude with engineering credentials gets phished, they get into something that doesn't require 2factor and drop a webshell"
|
|
#
?
Oct 11, 2021 17:50
|
|
|
Vadun posted:Something like this is usually "Dude with engineering credentials gets phished, they get into something that doesn't require 2factor and drop a webshell" It's probably like this- everything released so far has been things all engineers at twitch have access to, few engineers at twitch have access to personal data aside from performance metrics of streamers, like payouts, views, etc.
|
|
#
?
Oct 11, 2021 17:56
|
|
|
Any info on how twitch handle old vod? Does it immediately delete them right pass 2 months?
|
|
#
?
Oct 12, 2021 15:43
|
|
|
|
| # ? Apr 19, 2024 07:50 |
|
|
Nyaa posted:Any info on how twitch handle old vod? Does it immediately delete them right pass 2 months? It deletes them after either 2 weeks or 2 months, depending on what combination of account benefits and premium features the streamer has. I severely doubt it secretly holds onto them for much longer.
|
|
#
?
Oct 12, 2021 16:29
|
|