Twitch has been the victim of a large data breach.
The game-streaming platform Twitch has been the latest victim of a data leak, revealing confidential company information, and streamer’s financial information. A mass of sensitive data was released to the public, including Twitch’s internal code and documents, and payments that were sent to thousands of the platform’s top streamers.
Twitch has said that an “error” caused the leak that posted vast amounts of sensitive data online this week. According to the streaming platform, the breach was caused by a “server configuration change” that “exposed” the data. It reported that the breach involved “a Twitch server configuration change that was subsequently accessed by a malicious third party”. “As the investigation is ongoing, we are still in the process of understanding the impact in detail,” it said.
Twitch also said that it had “no indication” login details were compromised “at this time,” and that it did not obtain any credit card information. As soon as the breach was discovered, the platform reset all users’ stream keys.
The BBC’s cyber reporter, Joe Tidy, said “Twitch’s short statement shows the company is in full crisis mode. Information-technology (IT) teams and security experts are still trying to understand just how bad the data leak is. The explanation for the hack is there was some sort of human error with a “server configuration”. In other words, someone set up the computers that store Twitch’s private data incorrectly, making it findable and downloadable to hackers. What the company has not said is when this mistake was made.”
- 40 million US T-Mobile customers hit by data breach
- IBM Report: cost of a data breach hits record high during pandemic
- You’ve had a breach – how do you successfully roll out an emergency patch?
- Security breaches are among contact centre professional’s biggest video call challenges
Cybersecurity awareness month
In light of Twitch’s recent breach, it is evident that cybersecurity month is more important than ever as organizations need to continue to develop their strategies. Over the last 18 months, it’s been evident that cyber-attacks haven’t slowed down, unfortunately, the opposite has happened. Research from Thales and 451 Research revealed that 47% of businesses saw an increase in the volume, severity, and/or scope of cyber-attacks in the past 12 months. Of those who have ever experienced a breach, 41% happened in the last year, this number has nearly doubled from 21% in 2019, highlighting the severity of the threat posed.
Jason Stirland, CTO at DeltaNet International, said: “Cybersecurity Awareness Month is another opportunity for businesses to educate their employees on staying safe and secure online, reducing the likelihood of being attacked. According to research by LastPass, despite 92% of online users recognizing that using the same password is a risk, 65% still reuse theirs across accounts, increasing the risk of a data breach. That’s why it’s so important for businesses to train their employees on the importance of using passwords securely as a preliminary line of defence.
“With cyber-attacks on the rise, it is remarkable how many passwords are compromised simply because they are not strong enough. Strong passwords are hard to guess, include a combination of upper-case letters, lower-case letters, symbols, and numbers, and are different for each account/platform. Unfortunately – often due to the sheer number of passwords required for users online – many people reuse the same password across multiple accounts, making them vulnerable and posing an information security risk, especially if shared with business accounts. To help counter this risk, IT teams should enable mandatory multi-factor authentication on company accounts as an added layer of security.”