Twitch blames data breach on server configuration error

The massive data leak allegedly included the streaming platform's source code and data on creator payouts.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News | Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Carrie Mihalcik
3 min read
Twitch took a step toward reducing the hate on its platform
Getty Images

Twitch on Wednesday confirmed what appears to be a large data breach, pointing to an "error in a Twitch server configuration change" that exposed some data to the internet. The leaked data allegedly includes the Amazon-owned streaming platform's source code, reports on creator payouts and details about an unreleased Steam competitor from Amazon Game Studios

An anonymous hacker on Wednesday posted a 125GB torrent containing the information to the 4chan message board, as earlier reported by Video Games Chronicle. The publication said an anonymous company source confirmed the leaked data is legitimate. The Verge also reported that it was able to confirm the leak

In a tweet Wednesday, Twitch confirmed the breach. The company will follow up with more details in a blog post later, saying that it was still working to understand the full impact of the incident.

"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party," the company wrote. "Our teams are working with urgency to investigate the incident."

Twitch said there's no indication that login credentials were exposed. The streaming platform also said "full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed."

Twitch is one of the world's top streaming sites, with roughly 2.5 million people viewing streams at any given moment. Twitch became popular as a way for gamers to share livestreams of them playing video games, giving spectators a chance to discuss what's happening on screen and pay for it via subscriptions. Twitch has since expanded to become a place where people share cooking lessons, stream travel experiences and just chat, though gaming remains a huge draw. Twitch was acquired by Amazon for $970 million in 2014 as part of the retail giant's gaming push.

The Twitch leak allegedly includes details on creator payouts; source code for mobile, desktop and video game console Twitch clients; code related to proprietary SDKs and internal AWS services; an unreleased Steam competitor from Amazon Game Studios; data on other properties owned by Twitch; and internal security tools, according to Video Games Chronicle. CNET hasn't independently verified the leaked data.

The leaked data reportedly shows that Twitch's top streamers made millions of dollars on the platform over the past three years. Multiple streamers confirmed to BBC News that the earnings list shared in the leak had accurate figures. 

Images of the earnings lists shared on social media appear to show Critical Role, a Dungeons & Dragons web series, as the top earner from August 2019 to October 2021, followed by other popular streamers including xQC and summit1g.

The leak is labeled part one, suggesting there may be more to come. The hacker didn't say what other data they may plan to release. In the 4chan post, they also take a dig at Amazon founder Jeff Bezos, saying Jeff "Bezos paid $970 million for this, we're giving it away FOR FREE."

In recent months, the platform has faced criticism for a lack of action against hate and harassment. In September, a group of streamers went dark as part of a #ADayOffTwitch to call attention to "hate raids," a form of harassment where people unleash a bot army to abuse a streamer. 

Last month, Twitch filed a lawsuit against two individuals who allegedly conducted hate raids. The company has also implemented tools that help streamers to filter out harassment in a channel's chat.

Twitch said it didn't have additional comment on the breach at this time.