Video streaming giant Twitch has recently suffered a huge data breach, leaking users emails and passwords in plain-text records.
Twitch is an online video streaming platform that focuses on video game live streaming. It is used by many high profile streamers in the video gaming world and also to broadcast esports events.
The anonymous attacker released a data dump of 135GB to 4chan, a simple website where anyone can post anonymously. Information on payouts to top streamers, usernames, passwords, private business documents, design files, code and company development plans have been leaked by the attacker. It is unknown if the Cyberattacker has shared all data from their breach as they claim this was part one of the attacks. This Cyberattack not only leaked the data of the company, Twitch, but also the users who trusted the company with their personal data.
Twitch has acknowledged the attack and has put into place some precautionary measures to try and restore some security for the users. It has reset the stream keys for all users for security purposes. A stream key is a code to allow streaming software to communicate with Twitch. Users are also advised to reset their passwords and enable 2FA if they haven’t already.
The leak was enabled by a misconfigured network switch in Twitch’s network hardware which subsequently left their servers vulnerable for attack. This type of error is caused by human error, which Twitch has reported and apologised for.
Humans are often the weakest link in network security. Disaster can occur from complex mistakes like the misconfiguration of switches and servers. However, disaster could also occur from something as simple as clicking a malicious link from a phishing email. This highlights the importance of user education on best practices for security.