Livestreaming platform Twitch was recently hacked, hard, and a huge chunk of yoinked data was leaked publicly yesterday. Source code for the site and loads of Twitch projects were shared in a 128GB torrent, along with earnings numbers for streamers. Twitch say they "are still in the process of understanding the impact in detail" but so far, it seems login credentials and credit card numbers are safe. They have also reset stream keys, just in case.
"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party," the company said in a statement posted overnight. "Our teams are working with urgency to investigate the incident."
The leak appeared to include source code for Twitch's website, an unreleased so-called "Steam competitor" platform from Amazon, Twitch-owned services like IGDB and CurseForge, security-testing tools, the various Twitch clients, and more. The leaker also dropped in payout financial data for streamers from 2019 to now, which unsurprisingly is what most caught the public eye. But while loads of their stuff got stolen, apparently some of your stuff is fine.
"At this time, we have no indication that login credentials have been exposed. We are continuing to investigate," Twitch said in their new statement.
"Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed."
They've also taken steps to ensure wrong'uns can't stream from your account, just in case that info got out. "Out of an abundance of caution, we have reset all stream keys," says an e-mail sent to Twitchers this morning. Depending on which streaming software you use, you might need to feed it the new code before you can go live again.
Whole lot of personal information still got out there. The payout numbers, yeesh. While people could always estimate subscriber earnings from the sub count, seeing numbers laid out in a list has sent looky-loos into a judgmental frenzy.
I'd still change your password too, if I were you. Just in case. And make sure you've enabled two-factor authentication.