Twitch, Amazon’s popular live video streaming platform, on Thursday said hackers took advantage of a mistake in a server configuration tweak to steal data.
A massive trove of confidential Twitch data dumped on the internet included records showing top game play streamers took in millions of dollars during the past year.
The breach came as another black eye for Twitch’s cyber defenses that have struggled to stop “hate raids” by software “bots” targeting streamers who are not white, male and straight.
“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” the company said in a post.
“Our teams are working with urgency to investigate the incident.”
Twitch had yet to find any sign that log-in information was exposed, but reset access keys to all streamer accounts as a precaution.
“We understand that this situation raises concerns,” Twitch said.
The service, where users often stream live video game play and commentary, confirmed the break-in Wednesday.
– Barrage of abuse –
A post at 4Chan served up 125 gigabytes of data reported to include Twitch source code, records of payouts to streamers, and a digital video game distribution service being built by Amazon Game Studios.
It did not appear that personal Twitch user data was in the dump, but the extent of the hack remained undetermined.
The person who posted the trove of stolen data left a message claiming the break-in was performed to foster competition in video streaming, and because the Twitch community “is a disgusting toxic cesspool,” according to media reports.
Users of Twitch, the world’s biggest video game streaming site, staged a virtual walkout last month to voice outrage over barrages of racist, sexist and homophobic abuse on the platform.
The phenomenon of “hate raids” — torrents of abuse — has seen the platform become increasingly unpleasant for many Twitch streamers who are not white or straight.
The service is suing two users in US federal court, accusing them of orchestrating “hate raids.”
The platform is seeking unspecified cash damages from the pair, identified in the lawsuit as a Netherlands resident behind the account CruzzControl and a Vienna resident with a CreatineOverdose account.
Hate raid targets were often streamers from marginalized groups, such as racial minorities or members of the LGBTQ+ community, according to the filing.
“Defendants attack these streamers by flooding their chats with bot-powered Twitch accounts that spew racist, sexist, and homophobic language and content,” the suit stated.
Bots are software programs that can quickly and automatically fire off messages or other content.
More than 30 million people visit Twitch daily, and the platform hosts more than seven million streamers, according to its website.
