Twitch is not having a good time lately. On top of battling bots engaging in hate-raids spamming chats with horrible things, it appears they've also suffered a massive data breach.
First reported (as far as we can tell) by VGC, who have since had it confirmed that it's legitimate, this is a massive blow to Twitch and really shines a light on their security for such a thing to happen. Even though there's no indication yet that it includes login details, you may want to be extra careful and go change your Twitch password.
As for what it contains it includes:
- Twitch source code with repository commit history "going back to its early beginnings"
- Mobile, desktop and video game console Twitch clients
- Various proprietary SDKs and internal AWS services used by Twitch
- "Every other property that Twitch owns" including IGDB and CurseForge
- An apparent planned competitor to Steam named "Vapor"
- Streamer payout reports showing some receiving massive payouts
- Twitch security tools
This leak is apparently only part one, so there may be more to come yet. From what the leaker said they called the Twitch community a "disgusting toxic cesspool" and so they wanted to "foster more disruption and competition in the online video streaming space".
Update - Twitch has now confirmed on Twitter that it's real:
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.