Twitch is in trouble, with the company blaming a server error for a massive data breach
The Twitch hack is real, it is huge, and security experts are stunned by the scope of the attack: "this is as bad as it could possibly be." The hackers claim that this is only "part one," of the leak, which includes the site's source code, unannounced projects such as a Steam competitor, and streamers' earnings.
Twitch released a statement yesterday that was essentially a teaser, and it has now expanded on what it believes happened. According to the Twitch blog:
"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.
"As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues."
That is, Twitch is blaming it on a human error: someone set up the company's servers incorrectly, allowing hackers to find and access them. For the time being, it is unclear whether this is a case of human error or something more sinister.
Another thing that this statement reveals is that Twitch is still trying to figure out how bad this is.
Twitch does not say when the breach occurred, despite the fact that the data in the leak dates back three years. Twitch's statement goes on to say that personal information like logins is safe, and that "full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed." It remains to be seen whether the former can be taken at face value.
Twitch will be in full crisis mode behind the scenes because, even if it can figure out what went wrong, that does not change the fact that it did—and what that means now and in the future. The ramifications could be massive, and some of them are beyond the control of even an Amazon-backed company.
Twitch is in for a lot more harm now," said Candid Wuest of cyber-security firm Acronis to the BBC. "Twitch is already being harmed by the breach on all fronts. [This leak] could contain nearly all of Twitch's digital footprint, making it one of the most serious data breaches in recent memory. The influencers will not be pleased if payout reports for streaming clients are made public."