Live streaming service Twitch was recently hit by a colossal hack, dumping just about everything about the company online for all to see. Links to a huge 125Gb torrent file was posted at 4chan, which members of the public were able to download. Accompanying text in the 4chan post from the hackers claimed they ‘have completely pwned them‘ and the motivation for the hack was to ‘foster more disruption and competition in the online video streaming space‘, and because Twitch’s ‘community is a disgusting toxic cesspool.’
Twitch has acknowledged the hack, a spokesperson saying they ‘can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this.’ The extent appears to be deep and far-reaching. So, what was included in the file? A better question might be what wasn’t included. Here are the key points taken from the 4chan hack post:
- Source code from almost 6,000 internal Git repositories.
- Mobile, desktop and video game console Twitch clients.
- Various proprietary SDKs and internal AWS services used by Twitch.
- Every other property that Twitch owns including IDGB and CurseForge.
- An unreleased Steam competitor from Amazon Game Studios.
- Twitch SOC internal red teaming tools.
In addition, some people have mentioned that encrypted passwords were exposed, though Twitch has denied this. Either way, users might want to change their login details or enable two-factor authentication.
Some of the more gossipy details from the hack are content creator payout reports from 2019. The number one money maker on the list was CriticalRole, raking in over $9 million dollars since August 2019. CriticalRole is a self-proclaimed ‘bunch of nerdy ass voice actors‘ with 825k followers at the time of writing.
When it comes to casino streamers, there are plenty of big names on the list, such as German (former) casino streamer TheRealKnossi, pulling in $2.2 million, and Tyler Niknam, better known as Trainwreckstv. Niknam has popped up on our radar numerous times in connection with questionable streaming practices and sponsorship from murky sources. He is well known for having more than one online slot going at the same time in a stream, regular betting over $1,000 a spin. Big money, but many doubt the bankroll is actually his – including fellow content creators.
Streamer AdinRoss is up there on the leaked payout report as well. His 5 million followers helped earn him $1.8 million. What makes Adin noteworthy is he was busted on Discord complaining about crypto casino Duelbits, who had ‘only’ offered to pay him $1.4 million to play at its site – per month.
This talk of money leads us to a seedier side of the internet we’ve been reporting on for some time. While the payouts on this leaked list are impressive, they only represent the money Twitch has paid content creators. In some cases, this is just a fraction of what these streamers are making from other sources, some not as above board as Twitch.
These shady back deals with dodgy casinos are increasingly being called out, and questions are being raised. We recently reported on an investigation into the dubious dealings going on at crypto casino Roobet by YouTuber Philion. In ‘The Rabbit Hole of Roobet‘, Philion made a connection between streamers and Youtubers being paid big bucks to promote Roobet to impressionable viewers, then funnelling cash through sketchy ‘charity’ sweepstakes.
Another YouTuber, Coffeezilla, is on the case as well, joining dots that connect online influencers with Roobet. In Episode 1 of ‘Roobet’s House of Cards‘, Coffeezilla has influencer SteveWillDoIt (as well as others) in his sights as he tracks down the millions of dollars flowing between Roobet and its pushers. In the clip, SteveWillDoIt essentially claims he’s simply a Roobet affiliate. However, a darker side appears to be emerging. They say where there’s smoke, there’s fire, and with Roobet’s reputation for lax to non-existent KYC, potentially allowing underage players to gamble, and players in restricted countries via VPN, it seems there is a lot more to this influencer story than just frat bros living it up on expensive YouTube videos.
Coming back to the hack, the 4chan post mentions that this is only one part of their release before signing off with ‘Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE. #DoBetterTwitch‘. If there is additional material to come, it’s hard to imagine hackers doing more damage to Twitch than what they’ve already done.