[MART] - Daily Diary #363 - Twitch Source Code and Data Leaked Online

CTAS-MAT ctas-mat at appgate.com
Wed Oct 6 21:29:02 UTC 2021 

Hello,
I hope everyone is doing well!

Below is the entry for today.

10/06/2021 - Diary entry #363

Today, October 6th, Twitch confirmed it was a victim of a recent breach. Earlier this morning an anonymous user posted a Torrent link for more than 100GB of data allegedly stolen from Twitch. The leaked files contain streamer payout information, source code for Twitch clients, twitch security tools and what seems to be the source code on an unreleased Steam competitor from Amazon Game Studios.

Twitch already acknowledged the leak through their Twitter page, saying that their teams are already working on it, and will update the community as soon as they have additional information.

>From a malware analyst point of view, source-code leaks are very dangerous, as this makes much easier for attackers and reverse engineers to find vulnerabilities and bugs in their production software. Client-side vulnerabilities can potentially be exploited to deliver an attack to users with Twitch software installed. Server-side vulnerabilities are even more dangerous, as they can potentially be used to deploy an attack into Twitch servers itself, compromising the service and the clients connected.

Some researchers also claim that the leaked data also includes encrypted passwords and other sensitive information. It's not clear yet how many data was leaked from Twitch, as the posted archive is named "twitch-leaks-part-one", implying that more data can yet be posted. We highly recommend for anyone that has a Twitch account to update their credentials and enable two-factor authentication.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png]<https://www.appgate.com/>

[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>



Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20211006/24a571d7/attachment.htm>

More information about the MART mailing list