It’s been more than a week since the gaming and content streaming giant Twitch confirmed a data breach. Twitch, a popular streaming service used by gamers, again made headlines when it was attacked, resulting in 125 GB of data being leaked onto the 4chan forum. The leaked data comprises sensitive user data, including payments made to different content creators, unreleased gaming platforms, Twitch source code, and internal Red Team hacking tools.
Even though time has passed, it is still challenging to predict the damage being done. However, since the news broke, Google searches for “How to delete Twitch” have increased by 733%. It will be interesting to see whether this attack also impacts the average earnings of Twitch streamers, who earn $3000 to $5000 playing for 40 hours a week.
Interestingly, it is not the first time that Twitch has experienced such an attack. In June 2020, the IRC servers were attacked. Twitch uses IRC to enable developers to create chat functionality in their platform. In this attack, the download was replaced by a version that was compromised by a trojan backdoor.
What Happened With Twitch?
On Oct 6th, Twitch confirmed that a threat actor had successfully accessed data that was later exposed on the internet. It happened because of an error in the configuration of a Twitch server (AWS), which anonymous third-party hackers then accessed. Gartner predicted that by 2025, 99% of cloud misconfiguration would be the customers’ fault. Cloud misconfiguration is a big deal that you can’t ignore, and it mainly happens because of human error. It is fair to say that a single mistake can result in a significant security incident like this one and cause the loss of revenue and customer trust.
It is still not known how much data was accessed. The company says that its security teams are still working to understand how the data breach took place.
Twitch is still investigating weeks later, and there have been no reports of login credentials being exposed. To maintain users’ security, users were asked to change their passwords and enable two-factor authentication. Moreover, Twitch also reset all stream keys on its service.
Is There Any Further Risk of Data Leaks?
Unfortunately, it is one of the most embarrassing of the recent attacks and has raised serious concerns over Twitch’s security. What’s more concerning is that the leak has been labeled as part one, which means that more such information could be released later.
It’s assumed that hackers might expose the login passwords in part two of the data leak, and thus, the users should change their passwords.
Details of Exposed Data
Various internal sources made shocking revelations about the company. They reported that Twitch values blazing fast speed more than security and users’ data. This negligence has resulted in these data leaks. According to 4chan, the leaked data contains:
- Source code for a game named Vapeworld
- Data from every other source that Twitch owns
- Twitch’s internal red teaming tools that security teams use.
- Twitch clients for desktop, mobile, and video game consoles.
- Twitch TV’s source code.
- Creator payout details from 2019.
- Proprietary SDKs and internal AWS services used by Twitch.
Previously, the popular streaming and gaming platform experienced hate raids in which users had to tackle uncontrolled bots spamming their channels. Streamers even joined a group that created a hashtag on Twitter, named #Twitch Better, to get the attention of the people concerned.
How to Protect Twitch From Such Attacks In the Future?
The best possible way to combat such cloud misconfiguration attacks is to follow a predefined strategy. The security leaders working in the cloud need to take responsibility and develop solid planning to ensure a robust cybersecurity culture. Some of the most prominent preventive measures are as follows:
- Sensitive data should be known to and accessed only by the people who need it.
- Use encryption as it protects your data from getting into the wrong hands.
- Perform audits at regular intervals as this can give you an idea about any misconfiguration taking place.
- Implement the principle of least privilege. In this way, you can limit the insider attack risks and even reduce compromised accounts’ impact.
- Enhance your cloud infrastructure by designing new policies. Ensure that everyone is well aware of these policies, and to achieve this task, don’t forget to communicate with all staff members.
- Store credentials separately from the source code. Also, audit repositories to detect, remove and refresh any credentials found in them.
- Protect users’ credentials and access keys with multi-factor authentication, password protection methods, or cloud storage.
For more effective results, integrate the human-controlled methods with cloud automation methods. By combining both of these methods, you can reduce cloud security risks.
Choose the Right Security Solutions
Although maintaining robust security has become a daunting task for many organizations, the best thing they can do is to prevent misconfiguration as a part of the CI process. With a tagline of automatically managing your cloud security, Solvo keeps your digital security up to date at all times. If you also use AWS services like Twitch, then don’t worry. At Solvo, your AWS security posture gets audited continuously and the platform informs you about any potential threat or vulnerability. We also enforce the practice of least privilege configuration to control your security posture and risks. Discovering your cloud assets and protecting them automatically has never been easier.
If you would like to learn more about how Solvo ensures cloud security, reach out to our team now. If you prefer to check it out for yourself, Solvo’s securityGenie can show you where your gaps are and which roles and policies put you at risk. It’s free, quick and easy!