A huge cache of source code repositories, creator payouts, and other internal data from Twitch has been published online after an apparent hack.
In a post on Tuesday (but which was widely circulated on Wednesday), the leaker claims to have taken the video game streaming giant’s source code, as well as proprietary SDKs, or software development kits, which let developers integrate Twitch into their apps and services. The leaker also claims to have taken unreleased software as well as hacking tools used by the company to stress-test its own network from security threats.
The leaker says the cache, seen in part by TechCrunch, is “part one,” suggesting more data is expected to leak. The news was first reported by Video Games Chronicle, which said Twitch was internally “aware” of the leak on Monday. Twitch has not yet confirmed a breach, and has not responded to a request comment by TechCrunch.
But streamers were quick to lend credence to the apparent breach after creator payout figures were also leaked. (TechCrunch is not linking to the data since it contains personal information.) The data contains payouts for each Twitch user, some of which reach into the six-figures and more.
Several Twitch streamers have confirmed that the leaked records match their own. “I looked at a line from June 2019 and literally 100% match to the information showing on my analytics on my dashboard,” said one user.
The leak of internal source code could also represent a security risk, since it now allows practically anyone to search for security vulnerabilities in the code.
The breach comes almost exactly a month after Twitch streamers took September 1 to protest the company’s lack of action against “hate raids,” where bots are used to flood other streamers with hate and harassment.