Based on feedback from the security community, it appears that the claims of what type of data was involved in this breach are legitimate. That being said, we won’t know the full extent of the leak until Twitch is able to release more details. 

While validation is ongoing, it appears that the content of the leak is aligned with what the leaker themselves claim is in the 125GB file. This includes Twitch clients across mobile, desktop and console, proprietary SDKs, other services owned by Twitch, unreleased gaming platform data, and even payout reports for the streamers themselves. 

Across Twitter, members of the infosec community are validating data in the leak – in particular the payout reports for Twitch creators. Based on the commentary from the user who allegedly leaked the data out on 4chan, this looks like a highly targeted attack. Without additional details, it’s difficult to speculate how this individual was able to gain access to so much data. 

In other attacks, such as ransomware, an attacker will often acquire legitimate credentials through phishing campaigns, then use those credentials to navigate the organization’s infrastructure. In these cases, the attacker will usually locate particularly valuable or sensitive data and encrypt it for ransom. This attack looks different because it’s not just one service or data type that was leaked: it spans almost every aspect of the Twitch platform, including highly confidential proprietary data.

Regardless of how the user was able to get their hands on all of this data, the incident highlights how important it is to have visibility into every aspect of your infrastructure. Organizations in every industry run a massive and complex mix of cloud and SaaS apps, private apps, and on-prem infrastructure. This makes it difficult to catch tell-tale signs of anomalous behaviour or massive data extraction across every one of those apps and services. Cloud access security broker (CASB) and zero trust network access (ZTNA) solutions can help identify anomalous insider behaviour that could be threatening, mitigate the risk of unauthorized users gaining access to the infrastructure, and grant stronger visibility into how users and devices interact with your data.
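One concrete form of the visibility described above is a cross-service egress check: sum what each account pulls from every source per day and alert when a day is far outside that account's own baseline. The following is an added example, not code from the original post or from any CASB/ZTNA product. It assumes a normalized access-log feed (one record per download or export, `timestamp,service,user,bytes_out`) that such a product or a SIEM would emit; the log lines, account names, service names and thresholds are all constructed for illustration.

```python
"""Added example: flag anomalous bulk data egress across several services.

Assumes a normalized access-log feed with one record per download/export
event of the form  timestamp,service,user,bytes_out  (a constructed
format, not Twitch's or any vendor's). Not code from the original post.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: a week of routine activity for two accounts, plus one
# night where a single account pulls far more than usual from several
# services at once (the pattern an aggregate egress check should surface).
SAMPLE_LOG = """\
2021-01-04T09:12:00Z,git,alice,12000000
2021-01-04T10:05:00Z,wiki,alice,800000
2021-01-05T09:30:00Z,git,alice,15000000
2021-01-06T11:00:00Z,git,alice,9000000
2021-01-07T09:45:00Z,s3,alice,20000000
2021-01-08T09:15:00Z,git,alice,11000000
2021-01-11T02:10:00Z,git,alice,4000000000
2021-01-11T02:40:00Z,s3,alice,9000000000
2021-01-11T03:05:00Z,wiki,alice,600000000
2021-01-04T09:00:00Z,git,bob,5000000
2021-01-05T09:00:00Z,git,bob,6000000
2021-01-06T09:00:00Z,s3,bob,7000000
2021-01-11T09:00:00Z,git,bob,5500000
"""


def parse_log(text):
    """Parse CSV-style lines into (day, service, user, bytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, service, user, nbytes = line.split(",")
        day = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        records.append((day, service, user, int(nbytes)))
    return records


def daily_egress(records):
    """Sum bytes per (user, day) and remember which services were touched."""
    totals = defaultdict(int)
    services = defaultdict(set)
    for day, service, user, nbytes in records:
        totals[(user, day)] += nbytes
        services[(user, day)].add(service)
    return totals, services


def find_egress_anomalies(records, ratio=10.0, floor_bytes=1_000_000_000):
    """Flag (user, day) pairs whose egress exceeds `ratio` times that user's
    median daily volume AND an absolute floor.  The floor keeps a quiet
    account from alerting on one 50 MB download; the ratio keeps a busy
    account from hiding a large pull behind an already high baseline."""
    totals, services = daily_egress(records)
    per_user_days = defaultdict(list)
    for (user, day), nbytes in totals.items():
        per_user_days[user].append((day, nbytes))

    alerts = []
    for user, days in per_user_days.items():
        baseline = median(n for _, n in days)  # robust to the outlier day itself
        for day, nbytes in days:
            if nbytes >= floor_bytes and nbytes >= ratio * baseline:
                alerts.append({
                    "user": user,
                    "day": day.isoformat(),
                    "bytes": nbytes,
                    "baseline": baseline,
                    "services": sorted(services[(user, day)]),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_egress_anomalies(parse_log(SAMPLE_LOG)):
        print(alert)
```

The point of aggregating per user across services before comparing to a baseline is that each individual pull (a repo clone here, a bucket sync there) may look ordinary to the service that served it; only the combined view shows one identity draining several systems in one window, which is the signal a per-app log review tends to miss.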