Expert Cybersecurity Comment | Twitch Data Breach

BACKGROUND:

It has been reported that Amazon’s video streaming service Twitch was hacked Wednesday in a breach that included details on payments to content creators and an unreleased product from Amazon Game Studios. The anonymous hacker said they were releasing the information to “foster more disruption and competition” in the online video streaming world, and called the Twitch community a “disgusting toxic cesspool” in a post to the anonymous message board platform known as 4chan. Twitch confirmed the hack in a tweet, but did not provide details on the extent of the hack and what data was obtained.

Expert Comments

October 11, 2021
Vaibhav Mehrotra
CEO, Secuvy
Secuvy

“99% of companies today don't know where all their private customer data is stored within their systems and applications, and if you don't know where it is, you can't secure it. Given what we know about the attack, it's likely that private user information, such as names, emails and mailing addresses were also compromised.

“If personal data has been compromised, this could lead to millions of dollars in privacy fines, for example, in breach of GDPR and CCPA regulations, and possibly others. Today, over 100 countries have privacy laws. Once the forensic investigation into the issue is complete, all privacy laws that may have been violated here will become clear.

“Social media platforms store huge amounts of personal data, including unstructured and structured data. Personal data held inside organizations comes in all forms today, not only in text, but also in images and even videos.

“The problem is technologies can't find all this private, unstructured data across multiple sources, and they can't create the necessary context around the data to help organizations reduce risk.

“With the exponential growth of personal data they store, organizations need to have data hygiene practices in place and perform constant data security assessments to understand, locate and classify sensitive data and create security controls around it. They also need full visibility of data at rest in order to reduce risk.”

October 08, 2021
Katie Petrillo
Senior Manager, LastPass Product Marketing
LogMeIn

Recent reports of data breaches from companies such as Facebook and Twitch might be making people nervous. However, when it comes to cyber security, it is better to be proactive than reactive. The type of information stolen can vary, so if you are affected by any breach, pay attention to the company's advice about the leaked information and what the appropriate action is. The breached company may offer credit monitoring if hackers use the leaked data for financial fraud, for example.

When a company says they stopped the attack and contained the damage, there are three steps to take. Firstly, you should always change your account password. Leaked passwords are usually sold on the dark web or added to databases that hackers use to crack passwords. Changing a breached password ensures hackers can't log in to your account. If you were using the same password for other web accounts, those need to be changed immediately too.

Secondly, consider using a password manager which can help create and store strong passwords, then enter your credentials when you return to a website to log in. Some can also help you keep an eye out for suspicious activity involving your personal information on the Dark Web so you can take action accordingly.

Thirdly, use two-factor authentication to make your accounts more secure. This is when you use an app to generate a code or get a notification on your device and helps to prove the person logging into the account is who they say they are. Any unauthorised access therefore gets shut down in real-time.

October 08, 2021
Liam Jones
Threat Analyst
Netacea

We’ve seen a lot of good advice to anyone with a Twitch account—change your password, change other passwords if you reused it, and switch on two-factor authentication. But this alone won’t keep streamers and their fans safe.

Some hackers will take advantage of the fear of a password breach to send out phishing emails: “Due to the recent breach, we are forcing all our users to change their passwords.” This is actually a way to steal passwords when users are asked for their “old password”. Even experienced users have been known to fall for this trick.

The leaked details of the “Top 100” streamers are also a worry for Twitch. Extra information like this can be used in highly targeted “spear-phishing” attacks, a more personal approach to taking over accounts and stealing data.

Basic password hygiene is a great start, but we need better awareness of the ways breaches can be used to fool and frighten people into poor judgments that will give their details away.

October 08, 2021
Danny Lopez
CEO
Glasswall

The volume of data which the hackers of Twitch have gained access to is concerning. Sensitive information such as source code and financial information should be protected by the highest levels of security. With 15 million daily users, Twitch holds significant amounts of data, much of which contains personal information about its customers. It is essential that a proactive approach is taken to cybersecurity in order to protect such information - once hackers have access to systems, there is little else that can be done. At a time like this when details are unclear, Twitch users should also take immediate steps, which include changing their passwords and enabling two-factor authentication.

But even when all procedures and policies are well-executed, there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities. Often this is as simple as inserting malware using documents and files shared in their hundreds every day in a business environment. It's vital organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing both internal users and external customers to use the systems as expected. 

Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero-trust approach, organisations run the risk of attackers having free rein across a network once they are inside.

October 07, 2021
Mark Bowling
Vice President of Security Response Services
ExtraHop

The 48-hour disclosure requirement is an important step in our ability to understand the scope of and combat the advanced extortionate threat known as ransomware. Right now, we almost certainly vastly underestimate the scope of the problem because victims of ransomware attacks have no reason to disclose the information. Disclosure to US authorities is a critical first step, but it’s not enough. If the victim organization happens to be part of critical infrastructure, then they should also be required to report the attack and subsequent payment to any associated departments that have regulatory authority or interest over that infrastructure. If the ransom disclosures are subject to FOIPA, the bill should also require that companies provide notice to shareholders and to their board of directors. Finally, even if individual ransom payments are not subject to public disclosure via FOIPA, the government should be required to report aggregate data about ransom attacks and payments to Congress, the GAO, and other interested parties.

October 07, 2021
June Werner
Cyber Range Engineer
Infosec Institute

This morning a 125 GB leak of Twitch's data was made public. This leak includes the entirety of Twitch's source code, the history of the source code, creator payout reports, proprietary development kits, an unreleased competitor to Steam, and internal security tools. This leak also describes itself as "part one", meaning the leakers may have more data that they have not released and are planning to release at a future date. The release of Twitch's source code may make it easier for malicious actors to find exploits on Twitch's platform in the future. The details of what personal data the leakers may have had access to are not yet known, but in the meantime, the best action users of Twitch can take to protect themselves is to change their Twitch password, enable Two-Factor Authentication, and ensure that they are not using their old Twitch password for any other accounts.

October 08, 2021
Bob Rudis
Chief Data Scientist
Rapid7

What happened to Twitch can happen to almost any organisation, though their particular service niche likely made them a higher priority target for some groups. There is also some irony this disclosure comes during the traditional Cybersecurity Awareness Month. While the leak of information is distressing, even more troubling is that the attackers were able to obtain tools and plans of the cybersecurity teams that were used to defend the organisation from such adversaries. It makes sense — from an attacker's perspective — to try to understand what the defenders are liable to do so you can work around those defences.

We often focus much of our security awareness attention and protections on ‘normal’ users, which can cause us to take our eyes off of systems and networks used by defenders. Now would be a great time for all cybersecurity teams to re-think how they manage and secure their own systems/data/tools and, perhaps, have a separate set of out-of-band plans that include how to respond to a breach of their own tools/data.

This is also a good time to remind organizations that using modern deception techniques/practices can be of great benefit. Having a lookalike LAN segment or three which has file servers, mail systems, and workstations — but contain false data — surrounded by telemetry — can be a very effective way to know when an attack is in-progress while not putting real systems/data at risk.

October 08, 2021
John Smith
EMEA CTO
Veracode

The importance of robust software security tools and practices cannot be underestimated. Research shows that 76 percent of applications today contain some sort of security flaw. Since flaws in source code can be exploited by a hacker, regular scanning to find and fix vulnerabilities is imperative. This attack on Twitch is a prime example of how the digital attack surface is growing larger every day, meaning hackers have more endpoints to target. The perimeter is officially ‘dead’. Commonplace vulnerabilities and attack tools or techniques can have devastating consequences, so businesses must ensure they are championing software security at all levels of the organisation.

October 08, 2021
Jonathan Knudsen
Senior Security Strategist
Synopsys

The Twitch breach highlights a few important points about cybersecurity. First, adversaries come in many forms with many motivations. In this particular incident, an attacker with ideological motivation compromised Twitch’s systems and published a huge amount of data. Organisations should consider all types of threats, from casual opportunists to cybercriminals seeking money to nation states pursuing geopolitical gain. 

Second, incident response is critically important. When something goes wrong (and something always goes wrong), organizations must have plans in place for a quick and effective response. This response needs to address business continuity (keeping the lights on), customer communication, and recovery. Most importantly, incident response must include a post-mortem analysis which feeds back to improve defenses.

Third, security by obscurity never works. Cybersecurity experts just assume that attackers have access to the source code of software. Given enough time and resources, attackers can usually reverse engineer software applications to understand how they work. In the case of the Twitch breach, everyone in the world now has direct access to the Twitch source code. Whatever Twitch was doing for application security, they need to redouble their efforts. Anyone can now run static analysis, interactive analysis, fuzzing, and any other application security testing tools. Twitch will need to push their application security to the next level, finding and fixing vulnerabilities before anyone else can find them.

October 08, 2021
Jake Moore
Cybersecurity Specialist
ESET

This leak appears to be full of highly sensitive data and those affected must act fast to protect their information and identity. Although the stolen passwords are encrypted, if those passwords are not unique, the potential of them being reverse engineered is increased and they must therefore be changed on other accounts too.  

The leaked source code will also be damaging to Twitch itself, which has remained a highly sought after target, carrying huge kudos amongst the criminal hacking community. 

With regular action taken against Twitch, even boycotting of the site and more data to be released, this could be extremely damaging to their reputation as well as financially.

October 08, 2021
Jarno Niemelä
Principal Researcher
F-Secure

This leak is very serious for Twitch, but the question is what effects this will have for the regular Twitch user. 

As password hashes have leaked, all users should change their passwords, and use 2FA if they are not doing so already. 

But as the attacker indicated that they have not yet released all the information, anyone who has been a Twitch user should review all information they have given to Twitch and see if there are any precautions they need to make so that further private information isn’t leaked. 

And while it won’t help in this case as data has already leaked, users should always be cautious on what kind of information they provide to any social media platform.

October 07, 2021
Trevor Morgan
Product Manager
comforte AG

The most alarming part of the breaking news that a hacker may have severely compromised Twitch, the live streaming service that specializes in video game live streaming and broadcasts, is that the purported breach hits at the heart of any enterprise: its IP and its user base. Most companies, especially those in software, technology, and entertainment, are monetized based on the value of their user base (number of users, growth in user base) and intellectual property (usually their code and inventions, and the market success of both).

Organizations should learn from this situation and treat all of their information (IP, specifications, development plans, code, and customer/user information, just to name a few) as highly sensitive and therefore protect it with multiple layers of security, including data security. They need to assume that breaches will occur—not that they might occur—and plan for the eventuality that the wrong people may actually get to and apprehend sensitive data. Therefore, the goal first and foremost should always be to protect the data itself where applicable with data-centric security such as format-preserving encryption and tokenization. Threat actors will penetrate any perimeter put in place to keep them out—protecting the data itself will render that ultimate prize worthless on the black market and blunt the negative repercussions of a successful hack.

October 07, 2021
Tony Pepper
CEO
Egress

This hack shows that any organisation, no matter how large, can be the target of a cyberattack. This hack has exposed highly sensitive operational data, including Twitch’s source code, once again highlighting to organisations the importance of taking the right steps to secure their data. If the hacker’s motivation was to cause significant disruption for Twitch, it looks like they’ll achieve that goal.

This hack also potentially leaked sensitive user data, including encrypted passwords, which means that Twitch users are also at risk of follow-up attacks, especially for the 65% of people who use the same password across multiple accounts. This breach could be hugely damaging for Twitch and could dent users’ trust in the company’s ability to keep sensitive data safe. We’d advise Twitch users to change their passwords as soon as possible, and to ensure that they’ve enabled multi-factor authentication for additional protection.

October 07, 2021
Hank Schless
Senior Manager, Security Solutions
Lookout

Based on feedback from the security community, it appears that the claims of what type of data was involved in this breach are legitimate. That being said, we won’t know the full extent of the leak until Twitch is able to release more details. 

While validation is ongoing, it appears that the content of the leak is aligned with what the leaker themselves claim is in the 125GB file. This includes Twitch clients across mobile, desktop and console, proprietary SDKs, other services owned by Twitch, unreleased gaming platform data, and even payout reports for the streamers themselves. 

Across Twitter, members of the infosec community are validating data in the leak - in particular the payout reports for Twitch creators. Based on the commentary from the user who allegedly leaked the data out on 4chan, this looks like a highly targeted attack. Without additional details, it’s difficult to speculate how this individual was able to gain access to so much data. 

In other attacks, such as ransomware, an attacker will often acquire legitimate credentials through phishing campaigns then use those credentials to navigate the organization’s infrastructure. In these cases, the attacker will usually locate particularly valuable or sensitive data and encrypt it for ransom. This attack looks different because it’s not just one service or data type that was leaked – it spans almost every aspect of the Twitch platform including incredibly private proprietary data. 

Regardless of how the user was able to get their hands on all of this data, the incident highlights how important it is to have visibility into every aspect of your infrastructure. Organizations in every industry have a massive and complex mix of cloud and SaaS apps, private apps, and on-prem infrastructure. This makes it difficult to catch tell-tale signs of anomalous behaviour or massive data extraction across every one of those apps and services. Cloud access security broker (CASB) and zero trust network access (ZTNA) can help identify anomalous insider behaviour that could be threatening, mitigate the risk of unauthorized users gaining access to the infrastructure, and grant stronger visibility into how users and devices interact with your data.

October 07, 2021
Jordan Dunne
Security Consultant
Edgescan

It is probable that Twitch is undergoing an internal investigation at the moment, but Twitch has a responsibility to notify its users as to the full effects of this leak. It is recommended that users change their passwords and enable two factor authentication on their accounts as soon as possible. Leaks from any industry can be harmful, but Twitch is a platform in which it is possible for users to make a living and it is obviously not good that these users’ information, such as their earnings, are now public. For example, users may become targets for criminal activity now their revenue has become publicly accessible.

The fact that the poster claims that this is ‘Part One’ of the leak is troubling, and without any comments from Twitch, it is not enough to hope that payment information and unencrypted passwords will not be included in the near future.

Also, what is very troubling is the amount of organisational information such as source code and security tools that have been disclosed in the leak. This could allow malicious attackers to release modified versions of Twitch’s applications and distribute them online, leading to further attacks. The release of the internal ‘red-team’ tools will allow attackers to identify weaknesses in the testing and perhaps even highlight potential attacks available on the platform.
