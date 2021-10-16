Twitch, Amazon’s game streaming service, confirmed this Friday () that the virtual attack suffered by the platform on October 6, caused a data leak. The platform stated, however, that passwords, login credentials, full credit card numbers and bank details of users were not affected.

According to Twitch in its statement, the flaw was caused by a server configuration error, changed during the maintenance process, which allowed third party access to platform data, mainly documents from Twitch’s source code repository and information about payments made to the service’s streamers.

Twitch, still in its statement, claims to be confident that the incident only affected a small number of users of the platform, and confirmed that he will be entering with those who were directly affected by the spill.

4chan’s post with Twitch’s data leak. (Image: Playback/BleepingComputer)

On October 6th, a directory with 125 GB of Twitch files were posted on the anonymous 4Chan forum, containing streamers’ income reports, internal tools, and the site’s source code. Two days later, on October 8, several game pages on Twitch were vandalized, displaying an image of Jeff Bezos, founder of Amazon, in their backgrounds.

Although, on the day of the incident, it was speculated that the change in the background of the pages was made from the leaked source code, a Reddit user stated that it would be possible to change the images of the game pages from changes in the cache present in the Distribution Network. Content (CDN) used by Twitch.

CDNs are networks of servers that store copies of website content in their memory, that is, cache, and then make them available for use. visitors, which makes sense with the platform’s statement, which alleges that the incident occurred due to an error in the server configuration.

