Twitch released another statement on the security incident that hit the company headlines earlier this month. The gaming platform confirmed that the incident was caused by a “change in the server configuration that allowed unauthorized third party access”.
Among other things, Twitch now claims that passwords were not disclosed during the break-in. One is “confident” that the systems that store Twitch login data and that are hashed with bcrypt have not been accessed. Also, no full credit card numbers or bank information have been compromised.
“The data disclosed primarily contained documents from Twitch’s source code repository as well as a subset of the creators’ payout data. We have thoroughly reviewed the information contained in the files disclosed and are confident that only a small fraction of users will be affected and the impact on customers will be minimal. We will get in touch with those affected directly, ”said the company.
An unknown hacker published all of Twitch’s source code in a 128 GB file on October 6th. This included payouts for creators dating back to 2019, proprietary SDKs and internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red teaming tools.