Massive Twitch Leak in October 2021 Explained – What Was Revealed?
Dropped on 4chan, a massive 128GB Twitch Leak happened in October 2021, and it may be the biggest leak of all time. The entire leak was dropped in a torrent that has been confirmed to exist by a number of sources. Perhaps scariest of all, this is reportedly just “Part One” of the leak, so there’s no telling what else this person has dredged up. There’s always a chance that it could have personal information of streamers, their bank/card information, and worse. That doesn’t appear to be a part of this first leak, but it does contain the creator payouts for all streamers. Here’s what we know so far about the October 2021 Twitch leak.
Why Did This Happen, What Can You Do?
There’s no telling why this really happened, but the 4chan post did make a few statements about the “extremely poggers leak”. Jeff Bezos paid 970 million dollars for Twitch, and this leaker reportedly is just “giving it away for free,” which is evident by the Torrent link. It was also marked with the hashtag #DoBetterTwitch, so it could simply be a person or persons who are frustrated with how Twitch has handled a variety of situations, such as the toxicity of Twitch:
“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video game streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories”
It is incredibly important, no matter what you do on Twitch, to protect yourselves right now. You should go and change your password right away. You also need to make certain you have Two-Factor Authentication, and instructions to do that are here. You also need to go into your settings and update your Stream Key. There’s no telling who has what information right now, so it’s important to be safe and secure. This is an unprecedented leak, and it’s only the first part of it.
What Was Leaked?
As we have already reported, one of the huge things is, “Creator payouts from 2019 until now. Find out how much your favorite streamer is really making!” and that’s a horrifying thought. On one hand, sure, that huge streamer that does nothing but pitches buying their merch and donations may not need to do that, but this is still a serious violation of privacy. So what exactly was in the Twitch leak of October 2021? The mobile, desktop, and video game console clients for Twitch, and a wealth of proprietary SDKs and internal AWS services that Twitch uses. The entirety of Twitch.tv is also there, with commit history going back to the early days. It also contains every property that Twitch owns – including IGDB and CurseForge. An unreleased Steam competitor (Vapor), which likely exists to help bolster their own gaming efforts.
It also features “Red Team” penetration testing documentation, which features sensitive Twitch information. Though we do not have the torrent (and have no plans to download it), there are sources that show everything is there, and very much real. There are anonymous sources confirming everything in it is legit. This is more than just “change your passwords, someone out there has them potentially,” and could have serious long-term consequences. There’s always a chance someone uses this information to build their own streaming service, though the cost behind that would no doubt be incredibly prohibitive. This came at an incredibly bad time for Twitch. From the DMCA strike issues, Hate Raids, and the Pay-to-Win Twitch Boost feature, it just seems to be negative after negative for the streaming titan.
Do many people, this writer included, think Twitch needs to “do better”? Absolutely. It never feels like they have their users and content creators’ best interest at heart. Having this kind of financial information leaked could lead to litigation or other consequences. Then there’s the matter of all of that once-secure information out on the internet for anyone to download. Some folks on Twitter have already examined the information in the October 2021 Twitch leak.
One user examined Vapor, for example – Amazon’s Steam competitor that was supposedly in development. They said it seems to integrate most of Twitch’s features, and game-specific support for titles like Fortnite and PUBG. It also had some code for a game known as “Vapeworld”, which is just a terrible name for a game. The Twitter user assumes it’s some kind of VR chat. It’s terrifying to think that essentially the entire Twitch website was leaked for anyone to take and search through. It sounds like the passwords and sensitive information for people were commented out before the torrent was released. That still means that someone has seen it. Even if you’ve already set up 2-Factor Authentication, you should disable and re-enable it, just in case.
There are reported references to encrypted passwords in the leak from what we’ve come to understand, so it’s important to change your password, even if you rarely go to Twitch, or if you think nothing could happen to you. We have also reached out to Twitch on a statement and will report back if we hear anything.