Twitch Source Code and Business Data Leaked (therecord.media)
An unknown individual has leaked the source code and business data of video streaming platform Twitch via a torrent file posted on the 4chan discussion board earlier today. From a report: The leaker said they shared the data as a response to the recent "hate raids" -- coordinated bot attacks posting hateful and abusive content in Twitch chats -- that have plagued the platform's top streamers over the summer. "Their community is [...] a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories," the leaker said earlier today. The leaker claims that the leak contains the "entirety of twitch.tv, with commit history going back to its early beginnings, mobile, desktop and video game console Twitch clients, various proprietary SDKs and internal AWS services used by Twitch, every other property that Twitch owns including IGDB and CurseForge, an unreleased Steam competitor from Amazon Game Studios, and Twitch SOC internal red teaming tools."
Twitch has confirmed the breach. In a tweet it said, "We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available."
Damn (Score:4, Informative)
Yeah it looks pretty legit. And pretty bad. Here's an initial analysis of some of the contents --> https://sizeof.cat/post/twitch... [sizeof.cat]. I'm thinking their team is busier than a one-legged man in an ass kicking contest right about now.
Re:Damn (Score:5, Informative)
If you want to know how much your favorite streamer is making, here is the link [pastebin.com]. That's reportedly gross earnings from August 2019 to October 2021.
Re: (Score:2)
Re: (Score:2)
the #1 ranked user grossed almost $10 million. And parents used to tell their kids to stop playing video games because it will rot your brain.
The #1 ranked user plays DnD not video games.
Re: (Score:2)
Re: (Score:2)
It's called...PORN!
Re: (Score:2)
It's called...PORN!
Is there porn with the actual Jesus? The second coming is a serious fetish.
Asking for a friend.
Re: (Score:2)
Yeah but then you'd have to stream.
Re: (Score:2)
The more options for chess players to make money, the better.
Re: (Score:3)
One of the most amazing parts of the data dump is how the GitHub repos for the DB-centric source code had the username/password credentials stored directly in the files. Any rookie knows how to reference them as server-side variables piped in from an .env file. The .env file is excluded/ignored from code commits and thereby harder to expose. Unbelievable. Glad I don't use this Twitch service, and have barely heard of it.
Re: (Score:3)
Yeah from that we can deduce that the source code is filled with security holes, because they aren't thinking about security at all.
Re: Damn (Score:2)
At this scale you don't provision individual servers with env files. You put credentials in a centralized private key store (and then you need credentials for the store) and dynamically spin up servers on the fly with automated scaling. It actually gets quite challenging to manage effectively and still give developers easy tools to work locally.
Your point about not putting credentials in source control is spot-on though.
Re: (Score:2)
Glad I don't use this Twitch service, and have barely heard of it.
Justin.tv ring a bell then?
Re: (Score:2)
Are these numbers right? Some of the streamers I know are making half a million, a million a year.
Is that what's paid to them or before Twitch's cut and tax etc?
Re: (Score:2)
Streamers have said that it's accurate.
Re: (Score:2)
1. That's revenue over the period of a bit over 2 years, accumulated - directly from Twitch.
2. This doesn't include sponsorship deals, merch profits, Youtube profits (lots of streamers will post the VODs to YT), and all other sources of revenue outside Twitch itself, but accessible thanks to Twitch fame.
Re: (Score:2)
Does that include StreamLabs donations too or is it just revenue from Twitch itself?
Re: (Score:2)
Reportedly it's only the Twitch revenue.
Re: (Score:2)
I don't necessarily doubt you, but you've said "reportedly" twice now and provided no source.
Re: (Score:2)
You should doubt. I added "reportedly" specifically to indicate that I was unsure of my source.
In these cases I'm quoting what streamers have said but who knows if they were accurate. Better information should come later.
Re: (Score:2)
Thanks for the clarification, was hoping there was a solid source of information out there already.
Re: (Score:2)
Re: Damn (Score:2)
Lines 185 and 186, proof the dark side is more popular than the light side
Re: (Score:2)
Interesting comment on Twitter.
"The #twitchleak is the top 10000 streamers. According to Google, Twitch has 9.2 million monthly active streamers. So the top 10000, is not just the top 1%, but the top 0.1%
And 25% of that top 0.1% do NOT make minimum wage"
https://t.co/9KeFK5PBZQ [t.co]
Seems like a lot of the top streamers had either significant audiences or fame prior to starting. Most streamers never make any real money from the platform, and it usually takes years of grinding to get anywhere. Not a great career.
Re: (Score:3)
According to Google, Twitch has 9.2 million monthly active streamers.
I don't think that's right. Everyone who has a Twitch account counts as a streamer. For example, I technically have a stream even though I have never done anything with it, but Twitch users can follow me and wait forever until the day I turn on my stream.
Most streamers never make any real money from the platform, and it usually takes years of grinding to get anywhere. Not a great career.
I do think that is true.
Chaotic neutral (Score:5, Insightful)
It warms the heart to see hackers leaking code for no reason than to create chaos and revenge. None of this "ransomware" or "get rich from hacking" nonsense.
Do it for the love, not for the money.
Re: (Score:2)
Or the hate because the source code surely isn't going to change human behavior. Because if it could Linux would have us all hugging and singing kumbaya by now.
Re: (Score:2)
No, the problem is that Twitch has a griefer problem. They do nothing but disrupt streams spewing their crap, and Twitch has done little to nothing to fix the problem.
Likely because the problem is in their platform.
The goal of the source code leak isn't to make an open source twitch, it's to basically let everyone go through the code and cause proble
Re: (Score:2)
Surely it's a coincidence that facebook went down at about the same time... I wonder if we can expect a similar leak from there; zuckerberg would lose a lot more than 6 million dollars if that happened.
Re: (Score:2)
Re: (Score:2)
Can it be 60 billion this time? It's all meaningless anyway, since it's not real money, just facebook "value".
Re: (Score:2)
Re: (Score:2)
He doesn't sell his shares, he borrows against them. That way he doesn't have to pay taxes.
Re: (Score:2)
zuckerberg would lose a lot more than 6 million dollars if that happened.
Maybe, but we've seen from many other times that getting hacked has no long-term impact on stock value. Equifax got hacked pretty bad but their stock is higher than ever (and the quality of their code hasn't improved).
Re: (Score:3)
Do it for the love, not for the money.
I think the phrase is, "for the lulz," grandpa.
Re: (Score:3)
lulz? What's that? Is it slang from the 90s?
Re: (Score:2)
It warms the heart to see hackers leaking code for no reason than to create chaos and revenge. None of this "ransomware" or "get rich from hacking" nonsense.
Do it for the love, not for the money.
So you love people breaking into private property just for pseudo-principled shits and giggles. That people vote your dribble "insightful" is a sad indictment on slashdot users in general.
Re: (Score:2)
If you leave your door open, homeless people will wander in. Twitch left the door wide open.
And it's still open.
Re: (Score:2)
If you leave your door open, homeless people will wander in. Twitch left the door wide open.
And it's still open.
Yes, that happens. That is still no reason to celebrate it. You are deeply broken. Get help.
Re: (Score:2)
Human nature. The bad guy always tells the audience why they do what they do. It's like it's in their contract.
Top earners (Score:2)
Searchable list of top earners: https://www.twitchearnings.com... [twitchearnings.com]
At least a decent channel is on top (Critical Role, DnD/RPG)
Re: (Score:2)
If there was competition in business, there would be competition in technology. Twitch platform simply has inadequate tools to deal - or allow creators to deal with these raids. And worse, Twitch punishes/bans creators who fail to deal with these raids because Twitch didn't equip them to. And now they decided that filing lawsuits against unnamed users at unnamed locations identifiable only by IP address is the correct course of action dealing with these raids. The incompetence of Twitch's executive staff is
You know there will be a bunch of new attacks (Score:1)
Re: (Score:2)
There are bound to be APIs made for special events or superstar streamers that are going to be instant targets now.
Well, if they're smart, then they may be available only to certain Client-IDs... I imagine a possibility that the near future Twitch may have a mass-invalidation of credentials and everyone has to generate tokens, followed by some serious audit work - or Amazon just stepping in to do a massive overhaul of their times.... Probably end users should expect to say goodbye to product develop
Re: (Score:3)
Am not certain if we're allowed to discuss the contents of the leak in here, but let's simply say that I HEARD that the AWS access keys and tokens are hard-coded in the files. Not even a .env or anything, no. You could simply ctrl+f and find most access keys you're looking for in there.
I did not expect it to be THIS bad from such a big company.
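A pre-commit style check for the problem described in the comments above (database passwords and AWS access keys committed as string literals), added here as an illustration and not taken from the thread or from the leak. The file names, patterns and sample contents are constructed assumptions, and the key ID is the placeholder value used in AWS documentation.

```python
import re

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# A credential-like name assigned a quoted string literal.
SECRET_ASSIGN = re.compile(
    r"\b[\w.]*(?:password|passwd|pwd|secret|token|api_?key)\w*\s*[:=]\s*"
    r"(['\"])([^'\"]{4,})\1",
    re.IGNORECASE,
)
# Templated references and obvious dummies are not reported.
PLACEHOLDER = re.compile(
    r"^(?:changeme|example|x+|\*+|<.*>|\$\{.*\}|\{\{.*\}\})$", re.IGNORECASE
)

# Constructed sample repository: two files with literals, two without.
SAMPLE_FILES = {
    "db/config.py": 'DB_USER = "report_svc"\nDB_PASSWORD = "hunter2-not-real"\n',
    "deploy/upload.py": (
        "import boto3\n"
        's3 = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE")\n'
    ),
    "db/config_fixed.py": 'import os\nDB_PASSWORD = os.environ["DB_PASSWORD"]\n',
    "config/app.yaml": 'password: "${DB_PASSWORD}"\n',
}


def scan_text(path, text):
    """Return (path, line_no, rule) findings for one file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if AWS_KEY_ID.search(line):
            findings.append((path, line_no, "aws-access-key-id"))
        match = SECRET_ASSIGN.search(line)
        if match and not PLACEHOLDER.match(match.group(2)):
            findings.append((path, line_no, "hardcoded-secret"))
    return findings


def scan_repo(files):
    """files maps path -> contents; returns findings sorted by path and line."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return sorted(findings)


if __name__ == "__main__":
    for path, line_no, rule in scan_repo(SAMPLE_FILES):
        print(f"{path}:{line_no}: {rule}")
```

A non-empty result would fail the commit; a key that has already reached Git history still has to be rotated, since removing the line does not remove it from earlier commits.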
Re: (Score:2)
Those keys most likely aren't production keys.
Re: You know there will be a bunch of new attacks (Score:1)
Re: (Score:3)
Well, not anymore, they're not.
Isn't it just malware? (Score:1)
I clicked on a twitch link once - my fans immediately went full throttle and my CPU meter pegged. I just assumed it was malware / mining crypto / some other bullshit I don't want on my machine, and quickly closed the window.
Never clicked on twitch link again...
Re: (Score:2)
No. First, the video is implemented worse than Youtube's - definitely higher CPU load. Also, chat filled with animated emotes going at a dozen lines per second can make a good CPU squeal. Never mind some streamers add "games" for the audience, played in Javascript, right over the top of the video stream.
Censorship (Score:2, Interesting)
Any read on if or if not The Algorithm is suppressing certain creators or classes thereof?
This is Fine (Score:2)
This is a non-story. After all, it's only an Amazon service that was hacked. Nothing too worrying.
Source Code? (Score:2)
So we can now finally see how terrible Twitch's code really is?