Amazon’s Twitch blames configuration error for data breach

(Reuters) – Twitch, a live streaming e-sports platform owned by Amazon.com Inc, on Wednesday blamed “an error” in server configuration change that might have allowed an alleged hacker to leak sensitive information.

The platform said it was still assessing the impact and that it had reset all stream keys, or codes that allow influencers and streamers to connect and publish content for users.

Video Games Chronicle had earlier reported that an anonymous hacker had claimed to have leaked Twitch’s data, including the source code and information on its clients and unreleased games.

Earlier this week, Facebook Inc had blamed a “faulty configuration change” during routine maintenance work at its data centers networks for the nearly six-hour outage, which prevented the company’s 3.5 billion users from accessing its social media and messaging services.

The social media giant later confirmed that the error was not due to any malicious activity.

“Facebook basically just removed themselves from the Internet but they did not lose any sensitive information. For Twitch, it was just bad fortune,” said Candid Wuest, an executive for cyber protection research at Acronis.

A configuration change, which essentially means a routine maintenance change of an IT infrastructure from turning a network drive on or off or giving it a new name, possibly allowed a third party to access Twitch’s data, Wuest said.

Twitch, a popular platform among video gamers where they interact with users while live streaming content, said there was no indication of any exposure of user login credentials. The platform also added that it does not store full credit card details.

The Twitch hacker’s motive was to “foster more disruption and competition in the online video streaming space”, according to the Video Games Chronicle report.

About 125GB of data was leaked, including details on Twitch’s highest-paid video game streamers since 2019 such as a $9.6 million payout to the voice actors of popular game “Dungeons & Dragons” and $8.4 million to Canadian streamer xQcOW, the report said.

“Twitch leak is real. Includes significant amount of personal data,” cyber security expert Kevin Beaumont tweeted.

Twitch, with over 30 million average daily visitors, has become increasingly popular with musicians and video gamers.

The platform, which was boycotted earlier this year by users for not doing enough to block harassment, previously made a move to ban users for offenses such as hate-group membership and credible threats of mass violence.

(Reporting by Nivedita Balu in Bengaluru; Additional reporting by Aishwarya Nair in Bengaluru; Editing by Anil D’Silva, Shounak Dasgupta and Krishna Chandra Eluri)