Twitch released a new statement denying the seriousness of the hack that grabbed headlines earlier this month, and the gaming platform reiterated that the incident was caused by a server setting change that allowed improper access by an unauthorized third party.
According to the Arab Technical News Gateway, it claimed that the passwords were not disclosed in the breach, and said: We are confident that the systems that store the login data, which has been hashed using bcrypt, were not accessed. No full credit card numbers or bank information were accessed.
The platform said: The exposed data mainly contained documents from the Twitch source code repository, as well as a subset of creator revenue data. Minuscule, we are reaching out to those who have been directly affected.
An unknown hacker leaked the entire source code of the platform via a 128GB file.
The data included creator payments going back to 2019, proprietary SDKs, internal AWS services used by Twitch, as well as all of the company’s internal cybersecurity red team tools.
While much of the press attention initially focused on content creators’ revenues, concerns about the privacy and security of all platform players began to grow in the days following the attack.
Experts have warned that all users of the Amazon-owned platform need to take immediate action to protect bank accounts from a potential wave of attacks by cybercriminals.
The platform announced that it was resetting all broadcast keys, and directed content creators to a website to obtain new broadcast keys.
The anonymous hacker behind the attack claimed the esports streaming platform’s lackluster response to complaints of racism and abuse directed against minority players in so-called “hate raids”.