Twitch source code and streamers' and users' sensitive information were allegedly leaked online by an anonymous user on the 4chan imageboard.

The leaker shared a torrent link leading to a 125GB archive containing data allegedly stolen from roughly 6,000 internal Twitch Git repositories.

"Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories," the post reads.

According to the anonymous 4chan user, the leaked Twitch data contains:

  • The entirety of twitch.tv, with commit history going back to its early beginnings
  • Mobile, desktop, and video game console Twitch clients
  • Various proprietary SDKs and internal AWS services used by Twitch
  • Every other property that Twitch owns, including IGDB and CurseForge
  • An unreleased Steam competitor from Amazon Game Studios
  • Twitch SOC internal red teaming tools (lol)
  • Creator payout reports from 2019 until now.
Image: BleepingComputer

The anonymous poster named his thread "twitch leaks part one," which hints at further stolen Twitch data likely being leaked in the future.

BleepingComputer downloaded a portion of the leaked data and can confirm that it looks authentic and matches what was disclosed by the hacker.

Twitch source code and data leak
Image: BleepingComputer

The leak was likely a direct reply to Twitch's lack of response and effective tools to fend off  hate raids targeting streamers in August, given that the anonymous leaker also used the #DoBetterTwitch hashtag.

This hashtag was used on Twitter by streamers who shared how their Twitch stream chats were being flooded with harrassment bots.

Twitch eventually acknowledged the issue and said it will launch account verification and channel-level ban evasion detection tools later this year.

"Thank you to everyone who shared these difficult experiences. We were able to identify a vulnerability in our proactive filters, and have rolled out an update to close this gap and better detect hate speech in chat.," the company said.

A Twitch spokesperson confirmed over email that "a breach has taken place" after this article was published.

Update: Added more info regarding the hackers' motivation. 

Related Articles:

Chipmaker Nexperia confirms breach after ransomware gang leaks data

Hacker claims Giant Tiger data breach, leaks 2.8M records online

Roku warns 576,000 accounts hacked in new credential stuffing attacks

AT&T now says data breach impacted 51 million customers

AT&T faces lawsuits over data breach affecting 73 million customers