UPDATE 15/10/21: Twitch has released a further statement with regards to the recent data leak, confirming that passwords have not been exposed.
"As we said previously, the incident was a result of a server configuration change that allowed improper access by an unauthorized third party. Our team took action to fix the configuration issue and secure our systems," it reads.
"Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information.
"The exposed data primarily contained documents from Twitch's source code repository, as well as a subset of creator payout data. We've undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly.
"We take our responsibility to protect your data very seriously. We have taken steps to further secure our service, and we apologize to our community."
We have an update for the community regarding last week’s security incident. Please visit the Twitch blog for more information https://t.co/DatpHD4Bja— Twitch (@Twitch) October 15, 2021
ORIGINAL STORY 07/10/21: After a major leak of its source code, Twitch has commented in more detail via a new blog post confirming "some data" had been exposed, although there was "no indication" that login details had leaked.
The post follows an initial comment on Twitter from the Amazon-owned streaming platform, as previously reported.
The Twitch source code was leaked by an anonymous hacker on 4chan, with the intention to "foster more disruption and competition in the online video streaming space". The data includes streamer revenue reports and an unreleased Steam competitor from Amazon Game Studios.
"We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident," reads the Twitch blog post.
"As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.
"At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.
"Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed."
The company has further emailed streamers directly to notify them that stream keys have been reset and that, depending on the software used, streamers may need to update the software with the new key.
Streamers have also been advising each other to change Twitch passwords and activate two-factor authentication.
If you've changed your Twitch password as a result of the data breach, be aware that this also disconnects any connected apps like OBS.— OBS (@OBSProject) October 6, 2021
If you're missing your Twitch chat and other docks, you will need to reconnect your account under Settings / Stream.
Cybersecurity experts have warned of the potentially dire consequences of the leak.
"The first question on everyone's mind has to be: How on earth did someone exfiltrate 125GB of the most sensitive data imaginable without tripping a single alarm?" he said. "There's going to be some very hard questions asked internally."
BBC cyber reporter Joe Tidy said: "And if it is all confirmed, it will be the biggest leak I have ever seen - an entire company's most valuable data cleaned out in one fell swoop."
He added that the attack's fallout could be significant when YouTube Gaming has already poached some of Twitch's biggest streamers with the lure of big contracts.
The release of top streamer revenue also calls into question the lack of diversity among the top earners. There is a wealth of diversity among Twitch streamers, but when white men dominate earnings figures it suggests a lack of discoverability and visibility of diverse communities - something marginalised streamers have rallied against with #TwitchDoBetter.
And with issues like the hot tub meta from earlier this year that had male streamers complaining about their viewers being stolen, the release of these figures proves that simply isn't true.
At the top of the leaked earnings list is Critical Role, a TTRPG company who do champion diversity. If anything this just proves the power of having an inclusive environment on Twitch.
All of this comes as little surprise to marginalised streamers. "All that energy we spend pissing and crying about how women were 'making a dangerous precedent' amidst incels shouting 'titty streamers' and they're not even in the same grouping for payouts," Twitch streamer PleasantlyTwstd said on Twitter. "Find the Black person on [the top earnings list] while you're at it."
All that energy we spend pissing and crying about how women were "making a dangerous precedent" amidst incels shouting "titty streamers" and they're not even in the same grouping for payouts. Find the Black person on here while you're at it.— Aunt PT / Functioning Mess 🏳️🌈 (@pleasantlytwstd) October 6, 2021
Honestly, truly shut up.
Everyone after the Twitch leak: "Wow it seems like mostly white men creators who make the most money in gaming, that doesn't seem balanced.."— Black Girl Gamers (@blackgirlgamers) October 6, 2021
Some of y’all are paying a little too much attention to how much money the top Twitch streamers make, and not enough attention to marginalized creators who struggle to grow simply because of their identity, for my taste— Jeff Brutlag 🏳️🌈 (@jeffbrutlag) October 6, 2021
Other streamers have pointed out the 50-50 revenue split Twitch takes on streamer earnings, which further highlights the amount of money Twitch itself makes from its streamers.
the leaked twitch payouts should honestly be an eye opener and a conversation about the robbery twitch does on their creators. taking 50% of the majorities pay is wild and we don’t make nearly as much as viewers think we do.— ☾ 𝔡𝔞𝔫𝔦 (@motherrmoon) October 6, 2021
Will you support Eurogamer?
We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.