Twitch points to 'malicious third party' for recent site hack


Working to establish what data has been breached

Twitch has offered a brief update on its initial findings regarding this week’s hack, which saw over 120GB of data, code, developer tools, and more leaked from the site and uploaded onto public domains. At this time, Twitch is stating that an external third party is responsible for the hack, having capitalized on a server configuration exploit.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” reads the brief statement. “Our teams are working with urgency to investigate the incident.”

“As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.”

Twitch goes on to state that there is “no indication” that login details nor any payment information of its users have been accessed. The site continues its investigation into the security breach, and will no doubt keep its community updated. In any case, it’s probably wise for Twitch users to reset their stream keys and update any associated passwords.

The hack, believed to have initially taken place on Monday, has seen crucial software and documentation laid bare to the public. This includes Twitch’s own security tools, full Creator payment records, archived comment sections, and even the bones of associated projects, such as IGDB, early CurseForge builds, and a conceptual version of “Vapor”: an abandoned Steam-style dashboard developed by Amazon Game Studios.