Twitch Hack Leaks Over 100 GB of Source Code, Creator Earnings

In a shocking turn of events that shook the Internet at large, streaming platform Twitch seems to have become the victim of a hack. A massive torrent containing 150 gigabytes worth of Twitch information was posted on 4chan's boards, available for all to download and sift through at their leisure.

The massive leak includes a staggering amount of sensitive information related to not just Twitch, which is owned by Amazon, but also to an undisclosed project that Amazon seems to intend to launch as a competitive platform to Valve Corporation's Steam - arguably the dominant name in PC digital game distribution.

The leak contained the entire source code of the Twitch streaming platform and website, going back to early versions, as well as the source for the applications Twitch offers on both desktop and mobile. The source code to the Steam competitor project, tentatively named Vapor, is also included in the leak. The humor in naming a Steam competitor "Vapor" is probably appreciated by everyone who picked up on the leak.

The torrent posted on 4chan also included details and figures concerning the payouts that content creators on Twitch received, going back 36 months. The figures are a curious glimpse into something that many were probably curious about and reveal that top content creators on the platform, including celebrities like dungeon master extraordinaire Matt Mercer and shooter game superhero Michael 'Shroud' Grzesiek, make millions of dollars a year from the platform.

Twitch has officially confirmed the breach but has not detailed the full extent of the damage done or the breadth of information that was exfiltrated from the platform. The leak did not contain any usernames and passwords, but it was also flagged as 'part one', implying more data may be leaking soon.

The platform has issued advice to all users to turn on multi-factor authentication linked with a mobile device, even though it has not released any information about illegal access to user login credentials. The legitimacy of the leak has been confirmed by multiple websites and outlets, including the fact that all source code in it is real and nothing seems spoofed or made up.

October 7, 2021