PowerKee’s Bastion of Privacy #45 — Hackers steal users’ information and platform source code on Twitch
Last week, Facebook, Instagram, and WhatsApp suffered simultaneous outages that created a frenzy on the internet. This week, it was Amazon-owned Twitch that was in the crosshairs. A major breach exposed confidential information of Twitch users and the platform’s source code.
In the latest Bastion of Privacy, we explore the details of this incident, along with the implications for user privacy. We also examine the incident through the prism of the larger issues with which Twitch has recently been dealing.
Twitch confirms security breach
Twitch, an interactive video content streaming platform owned by Amazon, is the go-to place for gamers of all kinds. In addition to gameplay, content like music, sports, and entertainment is also streamed on the platform, with creators compensated depending on the traffic their content generates.
On October 7th, 2021, Twitch confirmed in a tweet that it had suffered a breach. Reports disclosed that over 100 GB worth of streamer earnings and source code were posted online. The company tweeted that it would “update the community as soon as additional information is available”.
(Source: Twitter.com)
Fortnite streamer BBG Calc acknowledged that the figures accurately reflected his earnings from the platform. Other gamers who were impacted include Dungeons & Dragons channel CriticalRole, xQC, and Summit1g. In a follow-up tweet, Twitch announced that all users’ stream keys had been reset “out of an abundance of caution”. Members of the community were advised to use their dashboards to receive their new stream keys.
(Source: Twitter.com)
In addition to streamer earnings, metadata posted to 4chan appeared to show data folders named for important software development areas such as “core config packages”, “devtools”, and “infosec.” Critically, the folder in which the hacker leaked these documents was labelled “part one”, which suggests that more stolen data may yet be released.
Hacker takes aim at Twitch’s centralized tendencies
Twitch later clarified that the data exposure occurred due to a “server configuration change that was subsequently accessed by a malicious third party.” Meanwhile, the malicious third party was releasing statements of their own. In a 4chan post, the hacker claimed to have carried out the hack to hinder Twitch’s near-monopoly over the gaming world and to “promote competition amongst video streaming platforms”.
(Source: arstechnica.com)
The hacker also noted that Twitch’s community was a “toxic, disgusting cesspool”, a clear reference to the “hate raid” phenomenon that has afflicted the platform recently. Coordinated harassment from streamers on the basis of color, sex, and sexual preferences has become normal, with many streamers alleging that Twitch does nothing to address the issue beyond making a few PR-related moves.
Hack highlights need for decentralized privacy
This breach of the privacy of users once again highlights how centralized security infrastructure is vulnerable. Decentralization offers the best solution. For instance, cryptocurrency networks like PowerKee allow users to transfer value while maintaining anonymity. Such platforms remove a single point of weakness and remove any incentives hackers might have.
Twitch has assured users that log-in and financial details have not been compromised. Users are scrambling to change their passwords in the hope that the incident does not worsen.
About PowerKee
PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing to provide strong privacy to its users.