A Twitch employee spoke with us on the condition of anonymity, stating that the massive leak may have been internal.a href="https://www.shacknews.com/author/donovan-erskine"">>Donovan Erskine 1
The internet woke up to quite the ordeal today when a massive Twitch leak revealed a slew of sensitive information, including the alleged incomes of thousands of streamers on the platform. There’s still a lot of concern and uncertainty surrounding the leak and its origin, but a first-hand source has weighed in. A Twitch developer has spoken with Shacknews and says that it’s likely that the leak originated internally.
Following the massive Twitch leak earlier this morning, we got in contact with a member of Twitch’s development team to get their take on the situation. Their identity will remain anonymous throughout this article. During our chat, the employee stressed how difficult it is just for them to log in and have access to sensitive information and controls at Twitch, which makes it tough to believe this attack could have been coordinated entirely from the outside.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.— Twitch (@Twitch) October 6, 2021
Twitch Dev: Here is the thing. That GitHub system, I have to hop through 2FA, a VPN, a pin, and a biometric key on my laptop.
Twitch Dev: This is my guess. And twitch is still "investigating" -- I do not see how to get in remotely.
Twitch Dev: and, I think, once the hackers saw the keys to all our databases, etc.... they pulled data
Twitch Dev: From what I saw, so I see no issue saying this as a public item, I looked at some of the leaked source code. keys to our bots for Slack, keys to our page-out tools, database passwords
The quotes from the developer confirm that Twitch leadership is still not sure where the leaks originated from. One of the more concerning aspects of this data breach is one that hasn’t been talked about nearly as much as streamer salaries - Twitch’s AutoModeration code is out in the wild.
Twitch Dev: What I fear, personally, and not sure people have thought of this. Our AutoMod source code is out there now -- making it easier to figure out how to circumvent.
Twitch Dev: This will make hate raids that much harder.
Twitch Dev: People can read how the tools moderate, if you can read the secret sauce, you can work around it.
Prior to today’s leak, Twitch had been dealing with the ongoing issue of hate raids on the platform, in which large amounts of bots would flock to a channel, spamming its live chat with hateful messages. It’s an issue that led Twitch to add new verification tools, enabling streamers to better control who is allowed to talk in their chat.
The new verification options work in tandem with Twitch’s AutoMod, which detects and addresses language and other behaviors that violate the Terms of Service. Those that are dedicated to orchestrating hate raids on the platform may now be equipped with the sensitive information they need in order to skirt around the barriers currently in place.
The situation surrounding the Twitch leak is unresolved and is still evolving. If Twitch confirms that these leaks did indeed come from the inside, we'll be sure to update this article, as well as our Twitch topic page, with new information.a href="https://www.shacknews.com/author/donovan-erskine"">>Donovan Erskine Contributing Editor
Donovan is a young journalist from Maryland, who likes to game. His oldest gaming memory is playing Pajama Sam on his mom's desktop during weekends. Pokémon Emerald, Halo 2, and the original Star Wars Battlefront 2 were some of the most influential titles in awakening his love for video games. After interning for Shacknews throughout college, Donovan graduated from Bowie State University in 2020 with a major in broadcast journalism and joined the team full-time. He is a huge Star Wars nerd and film fanatic that will talk with you about movies and games all day. You can follow him on twitter @Donimals_
Source : https://www.shacknews.com/article/127005/twitch-dev-says-4chan-source-code-leak-likely-originated-internally880