Twitch leak: why did a payout list of top earners appear on 4chan - data breach and password advice explained

Twitch users have been urged to reset their passwords after a data breach saw a list of payouts made to top creators leaked.

The leak, which detailed users’ earnings made on the streaming platform, was posted by an anonymous hacker on the messaging service 4chan.

Amazon owned Twitch confirmed the security breach in a statement in which a spokesperson said the company was working on understanding how it happened.

Here’s all you need to know about the Twitch leak, when it happened, why the breach took place, what was leaked and if there is likely to be more leaks in the future.

What is the Twitch leak?

An anonymous hacker has posted key details of Twitch online.

The link, which was posted to messaging platform 4chan on Wednesday, claimed to contain details of the payouts made to top creators on the platform, code for its mobile, desktop and games console client apps, as well as a wide range of other internal software and business details.

The Amazon-owned platform has now confirmed a breach has taken place and said it was investigating the severity of the leak.

“We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this,” a Twitch spokesperson said.

“We will update the community as soon as additional information is available. Thank you for bearing with us.”

What was leaked about Twitch?

According to reports from Video Games Chronicle (VGC) and The Verge, the leaked data includes code that is as recent as this week, suggesting the hack could have taken place in recent days.

Reports suggest the leak does not include personal or password information on Twitch users, but some have noted the leak is labelled “part one”, suggesting further information obtained as part of the breach could still be released.

Why was Twitch hacked?

A message posted alongside the leaked files said they were being released to “foster more disruption and competition in the online video streaming space”.

Twitch was founded in 2011 and is predominately used by creators to live stream themselves playing video games.

Amazon bought the site for 970 million US dollars (£714 million) in 2014, and the platform is estimated to have more than 140 million monthly active users.

How can Twitch users stay safe?

Online safety experts have urged anyone with a Twitch account to change their password as a precaution, with particular concern expressed for the accounts of the millions of younger users known to be on the platform.

Tony Neate, chief executive of Get Safe Online, said: “It has been reported today that the entirety of Twitch has been hacked, with its data now being leaked into the public domain.

“Whenever a hack takes place our sympathies go to those who have been compromised, and when the majority of those affected are children, the impact is amplified.

“Parents will be concerned, but there are a couple of actions that they can take that can help. Firstly, have a conversation with their child to establish if they have a Twitch account.

“If they do, and with immediate effect, ask them to change their password as a matter of urgency, using a combination of three unrelated words that are memorable, replacing some letters with numbers to enhance its security.

“If they can, also enable two-factor authentication. By doing this as quickly as possible it will ensure they are protecting themselves as best they can in light of the current situation.”

What has Twitch said about data breach?

Twitch has still not confirmed the full extent of sensitive data taken in the leak, but said it was continuing to investigate the incident.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident,” the company said.

“As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.

“At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.

“Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

A message from the editor:

Thank you for reading. NationalWorld is a new national news brand, produced by a team of journalists, editors, video producers and designers who live and work across the UK. Find out more about who’s who in the team, and our editorial values. We want to start a community among our readers, so please follow us on Facebook, Twitter and Instagram, and keep the conversation going. You can also sign up to our email newsletters and get a curated selection of our best reads to your inbox every day.