Credential Attackshigh

Twitch Source Code Leak: 125GB of Internal Data from Credential Misuse

An anonymous attacker published 125GB of Twitch's internal data — including full source code, creator payout data, and internal security tools — citing a desire to "foster more disruption" in the gaming streaming market.

Twitch / Amazon·2021·2 min read

Background

Twitch is Amazon's video game live streaming platform with over 30 million daily active users. On October 4, 2021, an anonymous post on 4chan published a 125GB torrent containing what was claimed to be Twitch's internal data.

The Attack

The published data included: Twitch's entire source code with commit history, internal security tools, proprietary SDKs, creator payout data for the top 81,000 streamers (three years of income data), an unreleased game codebase (Steam competitor), and internal red team tools. The attacker cited "a poisonous community" at Twitch as motivation. Twitch confirmed the breach within hours. The source of the breach was never fully confirmed publicly but appeared to involve compromised internal credentials providing access to source code repositories and internal systems.

Response

Twitch reset all stream keys, requiring all streamers to update their settings. The company stated that passwords had not been exposed. The payout data triggered significant media coverage and debates about creator income. Twitch launched an investigation and tightened access controls.

Outcome

The payout data publication was particularly damaging — it exposed the incomes of thousands of content creators to public scrutiny and created tension within the creator community. Source code exposure potentially allows identification of vulnerabilities in Twitch's proprietary systems.

Key Takeaways

  1. Source code exposure enables vulnerability research by adversaries — treat source code repositories as critical assets
  2. Creator/customer financial data is highly sensitive and must be access-controlled separately from general application data
  3. Leaked security tools (red team tooling) can be reverse-engineered and repurposed by attackers
  4. Stream keys and API tokens must be immediately rotated when access to their storage systems is compromised
source code leakpayout dataTwitchinternal toolscredential access

More in Credential Attacks

2024critical

Snowflake Credential Theft: Ticketmaster, AT&T, and 160 Others Breached via Stolen Logins

2 min readCredential Attacks
2009high

RockYou: 32 Million Plaintext Passwords Teach the World About Password Storage

2 min readCredential Attacks
2012high

Dropbox 2012: 68 Million Passwords Exposed Because an Employee Reused a Password

2 min readCredential Attacks