Security Wrap-Up (Oct 7th, 2021)

FORGET THE INTRO - OMZJ, TWITCH!!

frustrated

Even in a week when Facebook booted itself off the internet entirely, you likely heard/read/ranted to someone by now about the astoundingly nasty Twitch breach. So let’s talk about Twitch this week. First off, I hope you’ve already changed your password(s). Second, sigh…it’s tough to feel sorry for Twitch after some of their recent heat, but there’s really no hyperbole hyper-enough to get across how terrible this was for them. TL;DR that article - the information stolen/posted contains:

  • The entirety of Twitch’s source code with comment history “going back to its early beginnings”
  • Creator-payout reports from 2019
  • Mobile, desktop and console Twitch clients
  • Proprietary SDKs and internal AWS services used by Twitch
  • “Every other property that Twitch owns” including IGDB and CurseForge
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Twitch internal “red-teaming” tools (designed to improve security by having staff pretend to be hackers)

Just…damn, y’all. Gotta lock down those servers (or at least re-name them?). Anyways, what do you guys think - does this change your opinion of Twitch/their platform’s security, or can I watch you play Ocarina of Time all night?? :metal:t2:

1 Like

As a streamer, it definitely makes me rethink their security… Luckily I already had 2FA turned on but it’s still not a great experience with the platform. But, doesn’t change the fact that I’m going to continue to use Twitch, haha.

1 Like