Along with three years worth of Twitch creator payout information, the leak also included:
- The entirety of twitch.tv, “with commit history going back to its early beginnings.”
- Source code for the mobile, desktop, and console clients.
- Code related to proprietary SDKs and internal AWS services used by Twitch.
- An unreleased Steam competitor from Amazon Game Studios.
- Data on other Twitch properties like IGDB and CurseForge.
- Twitch’s internal security tools.
To explain this further, commit history is a compiled archive of changes and revisions made to the site. SDK stands for software development toolkit and is a set of software tools and programs that developers can use to build applications for specific platforms. AWS stands for Amazon Web Services, which Twitch uses to run various functions on the platform.
Coming just one week after Twitch announced upcoming security features to help combat against hate raids and bot accounts, this hack could set back that progress by months. The specific motive or catalyst for the hacker is unknown, but they did use #DoBetterTwitch to promote the leak. This was a hashtag heavily used by those who protested Twitch in August for the company’s lack of action towards the ongoing hate and harassment on the platform.
While personal data wasn't included in this leak, that doesn't mean that it won't be included in the next one.
Here are a few ways to help strengthen your account security:
- Turn on Two-Factor Authentication
- Use a password that’s difficult to guess that includes numbers, symbols, and capitalized lettering
- Connect through secure Wi-Fi
- Change your password every 90 days
Twitch tweeted out a confirmation that it suffered a major data breach. They stated, “Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available.”