In a Friday update, Twitch downplayed the severity of this month’s massive security incident assuring users that “the customer impact is minimal” after a 125GB cache of its internal data was leaked online.
The exposed data mostly contained documents from Twitch’s source code repository and payout figures for streamers on the platform, according to a company blog post. The leak did not include Twitch passwords, and Twitch said it’s “confident” its systems that store user login credentials, credit card numbers, and bank information were not accessed.
“We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal,” Twitch said. “We are contacting those who have been impacted directly.”
Its internal investigation into the Oct. 6 leak remains ongoing. So far, Twitch has traced it back to a hiccup with a server configuration update that let an anonymous hacker slip through, make off with the data, and dump it en masse as a torrent on 4chan. The culprit claims to have carried out the massive leak to “foster more disruption and competition in the online video streaming space.” To add insult to injury, they also called Twitch a “disgusting toxic cesspool,” one that has been “completely pwnd” by the security incident.
The leaked data, which also included internal company documents and red teaming tools, caused a massive stir in the streaming community about how much money some of the platform’s biggest stars make. Critical Role, a role-playing, tabletop game show, raked in roughly $10 million from Twitch over the past two years, making it the highest-paid channel on the platform, according to data. Other top streamers like Félix “xQc” Lengyel and Hasan “Hasanabi” Piker made millions of dollars from subscriptions and other Twitch features dating back to 2019. Fans discovering that a lot of their favorite streamers are actually millionaires stirred up no small amount of controversy.
In the weeks since, Twitch has fixed the vulnerability with its configuration updates and taken steps to beef up its security systems.
“We take our responsibility to protect your data very seriously,” the company said Friday. “We have taken steps to further secure our service, and we apologize to our community.”