On 6th October 2021, Twitch fell victim to a sophisticated hack, the result of which meant sensitive and confidential information such as its source code, top streamer revenues, 3D emotes, and future plans was leaked to the world. So what happened and what vital lessons do we need to take away from it all?
For those less familiar with the Amazon-owned platform, Twitch describes itself as ‘An interactive livestreaming service for content spanning gaming, entertainment, sports, music, and more… Where millions of people come together live every day to chat, interact, and make their own entertainment.’ It averages around 140 million active users per month, making it a well-used and well-trusted brand – trust they will have to work hard to rebuild.
According to the BBC’s Cyber Reporter, Joe Tidy, ‘If it is all confirmed, it will be the biggest leak I have ever seen – an entire company’s most valuable data cleaned out in one fell swoop’.
The company’s first response to the hack was to assure users that their teams were ‘Working with urgency to understand the extent of this’. They acknowledged that ‘Some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party’. They then reset all stream keys, and many Twitch users changed their passwords, (although Twitch assured users there was no evidence that login credentials were accessed by the hackers).
Those thought to be responsible for the hack, claimed on 4chan that they had done so because they perceived the Twitch community to be ‘A disgusting toxic cesspool’ and they believed the leak would help ‘To foster more disruption and competition in the online video streaming space’.
Commenting on the leak, incovo’s CEO, Chris Thomas, explains; ‘Sadly, data leaks are not uncommon, but to see one on this scale is rare. It just goes to show how important it is to take every necessary action to ensure sensitive data remains secure online at all times. For businesses, that means investing in quality cyber security to protect all confidential information. It also means having digital experts on-hand to minimise potential damage should the worst happen. And it means educating all team members so they fully understand cyber risks and how to avoid them.’
Lessons to be learned from the Twitch hack
- Should your business come under a cyber-attack, act fast. Having a dedicated team of cyber security experts on-hand to deal with any issues the instant they arise can make all the difference to minimising fallout.
- Remain in contact with your clients. Honest and transparent communication is key. If your clients’ personal data has been compromised, they have a right to know immediately so they can take any necessary action, such as changing passwords for example.
- Ensure all staff receive thorough and regular training in cyber security to make them aware of the latest threats to look out for, and make sure they have a designated point of contact to report any suspicious activity.
Protect your business now
incovo is trusted by countless businesses across Scotland and beyond to provide effective cyber security. Working with leading names such as Sophos, incovo specialises in providing anti-virus solutions and anti-malware solutions, ISO 27001, and Cyber Essentials Plus certification.
Get in touch with our team of digital experts on 0345 450 8400 or email firstname.lastname@example.org to book a consultation today.