Case study: Twitch Hack


What Happened?

On October 6, 2021, Twitch, an interactive livestreaming service for content spanning gaming, entertainment, sports, music, and more, was hacked and the source code for its streaming service was leaked. An unreleased Steam competitor from Amazon Game Studios and information regarding creator payouts were also leaked.

On the 4chan message board, an anonymous poster posted a 125GB torrent claiming to contain the entirety of Twitch and its commit history.

The leak is intended to "promote further disruption and competition in the online video streaming industry," according to the poster. The Verge has confirmed that the leak is genuine, and that it contains code as recent as this week.


What was Leaked?

  1. Three years of details regarding the payouts of Twitch creators
  2. The entirety of Twitch TV
  3. Source code for the mobile, desktop, and video game console Twitch clients
  4. Code related to proprietary SDKs and internal AWS services used by Twitch
  5. An unreleased Steam competitor from Amazon Game Studios
  6. Twitch's internal security tools
  7. Data on other Twitch properties like IGDB and CurseForge


How did Someone Exfiltrate 125GB of Very Sensitive Data?

After reviewing the darknet traffic, the dark intelligence has seen high volumes of darknet traffic aimed at ports 80 and 443, but also a very small percentage of connections aimed at irc.chat.twitch.tv via port 6667. This port is used by Internet Relay Chat (IRC), a popular messaging service in the early 2000s that has progressively fallen in popularity. However, a sizable number of individuals still use IRC, and Twitch uses it to allow developers to add chat capabilities to their Twitch channel. The main IRC servers were hacked in June 2010, and the download was replaced with a version that was infected with a trojan backdoor.

It's a serious security flaw if Twitch was utilizing a hacked version. Furthermore, because IRC is no longer considered a standard service, an attacker is considerably more likely to identify an unpatched version of IRC to exploit. It's certainly plausible that several gigabytes of data might be retrieved unnoticed from right under Twitch's nose if their internal security monitoring did not monitor IRC.

It's also possible to start narrowing down the likely perpetrator of this attack. The fact that the data was widely shared on 4chan suggests that this was done with the intent of publicly shaming Twitch. It appears to be the work of a single attacker looking to cause havoc on Twitch. Twitch has been embroiled in a number of recent issues, including the removal of some popular channels for violating the platform's terms and conditions. Aside from an insider, the attack may have been carried out by a Twitch user with an axe to grind and some hacking abilities who was able to infiltrate a large corporation and take their most valuable assets right in front of their eyes, without anybody knowing.
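The monitoring gap described above, large outbound transfers over a port such as 6667 that nobody watches, can be checked for with per-port egress accounting. The following is an added example, not part of the original case study or of Twitch's tooling; the flow records, addresses, and byte budgets are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow summaries (src, dst, dport, proto, bytes_out).
# Addresses come from private and documentation ranges; none are real data.
SAMPLE_FLOWS = """\
src,dst,dport,proto,bytes_out
10.0.4.17,203.0.113.10,443,tcp,52000000
10.0.4.17,203.0.113.10,443,tcp,61000000
10.0.7.22,198.51.100.5,6667,tcp,48000
10.0.7.22,198.51.100.5,6667,tcp,51000
10.0.9.3,198.51.100.77,6667,tcp,2100000000
10.0.9.3,198.51.100.77,6667,tcp,1900000000
10.0.9.3,203.0.113.10,80,tcp,300000
"""

# Assumed egress budgets in bytes per source host per review window.
# Chat traffic on 6667 is text, so its budget is far below the web ports.
PORT_BUDGET = {80: 5 * 10**9, 443: 5 * 10**9, 6667: 50 * 10**6}
DEFAULT_BUDGET = 10 * 10**6  # any port without an explicit budget


def egress_by_source_port(flow_csv):
    """Sum outbound bytes and collect destinations per (src, dport)."""
    totals = defaultdict(lambda: {"bytes_out": 0, "dsts": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            key = (row["src"], int(row["dport"]))
            dst, size = row["dst"], int(row["bytes_out"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed records rather than abort the review
        totals[key]["bytes_out"] += size
        totals[key]["dsts"].add(dst)
    return dict(totals)


def flag_egress(flow_csv, budgets=PORT_BUDGET, default=DEFAULT_BUDGET):
    """Return one alert per (src, dport) whose egress exceeds its budget."""
    alerts = []
    for (src, dport), agg in sorted(egress_by_source_port(flow_csv).items()):
        limit = budgets.get(dport, default)
        if agg["bytes_out"] > limit:
            alerts.append({"src": src, "dport": dport, "budget": limit,
                           "bytes_out": agg["bytes_out"],
                           "dsts": sorted(agg["dsts"])})
    return alerts


if __name__ == "__main__":
    for alert in flag_egress(SAMPLE_FLOWS):
        print(alert)
```

On the constructed sample, only the host that pushed roughly 4 GB over port 6667 is flagged; the ordinary chat client on the same port and the web traffic stay under budget.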