- Jul 17, 2014
Twitch confirms massive data breachBy Joe Tidy & David Molloy
Game-streaming platform Twitch has been the victim of a leak, reportedly divulging confidential company information and streamers' earnings.
More than 100GB of data was posted online on Wednesday.
The documents appear to show Twitch's top streamers each made millions of dollars from the Amazon-owned company in the past two years.
Twitch confirmed the breach and said it was "working with urgency" to understand the extent of it.
In a statement posted on Twitter, the company said it would "update the community as soon as additional information is available".
Fortnite streamer BBG Calc told BBC News: "The earnings list got my figure 100% correct."
Another streamer confirmed to the BBC that their earnings were "accurate" while a third person closely linked to a high profile player said the details were "about right".
Those behind the leak also claimed to have the source code for the video platform itself.
Top earnersThe documents, shared in online forums, appear to show payments made from August or September 2019 to October 2021.
Some versions shared online point to well known streamers, including Dungeons & Dragons channel CriticalRole, Canadian xQC and American Summit1g, as being among the top earners.
Twitch famously fiercely guards operational details such as how much its streamers are paid, so this looks extremely embarrassing for the company.
And it comes at a time when competitors such as YouTube Gaming are offering huge salaries to snap up gaming talent, so the fallout could be significant.
Aside from the salary details, the documents seems to contain the site's source code and even technical details for yet to be released products and platforms.
And evidence is building at least some of the data looks real.
Security experts tell me the files contains things such as internal server details that can be accessed by Twitch employees only.
And if it is all confirmed, it will be the biggest leak I have ever seen - an entire company's most valuable data cleaned out in one fell swoop.
But the list of payments, apparently from Twitch itself, is unlikely to include sponsorship deals and other off-platform activities - or account for tax paid on income.
And many, if not all, of these top streamers are effectively large-scale media operations, with their own employees and business expenses - so the numbers do not represent "take-home pay" for those listed, even if genuine.
Metadata being posted to internet forums appears to show folders of data named after important software areas, including:
- "core config packages"
- "devtools" (developer tools)
- "infosec" (information security)
In the earliest known online post linking to the data, the anonymous poster labelled the Twitch community "a disgusting toxic cesspool" and claimed the leak was being posted "to foster more disruption and competition" in video streaming.
In recent months, Twitch has been battling a number of issues on its platform, such as "hate raids" - organised harassment of streamers from minority backgrounds.
And in early September, a boycott titled "a day off Twitch" saw creators effectively strike in protest at the lack of action on hate raids.
The UK's Information Commissioner's Office said it had not been notified of any data breach by Twitch or Amazon.
It's not yet clear how much has been compromised, so if you have a Twitch account, I would highly recommend that you change your password, enable two-factor authentication, and reset your stream key.