Twitch has released details of its initial investigation into Wednesday’s massive data leak that exposed upwards of 125 gigabytes of proprietary information and code. That allegedly included info about the livestreaming streaming platform’s creator payouts, Twitch’s source code and an unreleased Steam rival being developed by Amazon Game Studios.
Twitch said “some data was exposed to the internet” due to an error in a server configuration change. The server was “subsequently accessed by a malicious third party,” the Amazon-owned company said in a blog post late Wednesday.
“As the investigation is ongoing, we are still in the process of understanding the impact in detail,” Twitch said.
According to Twitch, there’s no evidence that the hacked data set included login credentials. It also said that full credit card numbers are not stored by Twitch, so that info wasn’t exposed.
Early Wednesday, an anonymous individual uploaded a trove of data stolen from Twitch to 4chan. Per the hacker’s post, titled “twitch leaks part one,” the Twitch data included three years of details on creator payouts; source code for mobile, desktop and game console Twitch clients; an unreleased Steam competitor from Amazon Game Studios; and Twitch’s internal security tools.
Security experts said the leaker appeared motivated by a desire to embarrass Twitch and reduce users’ trust in the company.
Early Thursday, in an update to its blog post, Twitch said that it reset all stream keys — the codes that let creators connect dedicated streaming software their Twitch channel — “out of an abundance of caution.” Creators can obtain new stream keys at this link.
According to Twitch, depending on which broadcast software you use, you may need to manually update your software with the new key to start your next stream. Users of Twitch Studio, Streamlabs, Xbox, PlayStation, OBS and the Twitch mobile app “should not need to take any action for your new key to work.”