Twitch confirms hack after source code and creator payout data leaks online

A huge cache of source code repositories, creator payouts and other internal data from Twitch has been published online after a data breach, the company has confirmed.

In a post on Tuesday (but which was widely circulated on Wednesday), a leaker claims to have taken the video game streaming giant’s source code, as well as proprietary SDKs, or software development kits, which let developers integrate Twitch into their apps and services. The leaker also said they took unreleased software and, allegedly, the company’s red team tools.

The leaker says the cache, seen in part by TechCrunch, is “part one,” suggesting more data is expected to leak. The news was first reported by Video Games Chronicle, which said Twitch was internally “aware” of the leak on Monday.

Twitch confirmed the breach in a tweet on Wednesday. “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available,” the tweet read.

A spokesperson for Twitch, when reached, declined to comment beyond its tweet.

The leaker’s listing. (Image Credits: TechCrunch/screenshot)

Streamers were quick to lend credence to the early reports of an apparent breach after creator payout figures were also leaked. (TechCrunch is not linking to the data since it contains personal information.) The data contains payouts for each Twitch user, some of which reach into the six-figures and more.

Several Twitch streamers have confirmed that the leaked records match their own. “I looked at a line from June 2019 and literally 100% match to the information showing on my analytics on my dashboard,” said one user.

The leak of internal source code could also represent a security risk, since it now allows practically anyone to search for security vulnerabilities in the code.

The breach comes almost exactly a month after Twitch streamers took September 1 to protest the company’s lack of action against “hate raids,” where bots are used to flood other streamers with hate and harassment.

Amazon bought Twitch for about $1 billion in 2014.

Update with a tweet from Twitch.