[News] Hack makes Twitch users twitchy
Last week, streaming service Twitch faced a major hack.
On the 4chan forum, an anonymous user shared a 125GB torrent that contained, among other things, the platform’s source code and development kits, an unreleased gaming client, and information about how much top streamers earned. In the post (reproduced on ArsTechnica), the user said, “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE.”
Twitch quickly acknowledged that the hack had occurred.
As background, Twitch is an interactive live video streaming service. Founded in 2011, and acquired by Amazon in 2014, it offers every kind of video content imaginable, from music to cooking shows to news and political analysis. However, the most popular channels tend to focus on gaming. The top channel, Critical Role, is a tabletop game role-playing show, and many channels are devoted to streaming video games with live commentary.
The Twitch breach occurred when hackers took advantage of a server misconfiguration to download massive amounts of data. As reported by The Verge, former Twitch employees point to poor security measures as the reason the breach was possible. The Verge spoke to unnamed sources who claim that the platform has faced several security problems that were never publicly disclosed. In addition to linking streamer accounts to Amazon services, Twitch also uses third-party services that Amazon itself shies away from, and these have been the source of some of the problems.
As the Verge noted, “Multiple sources describe Twitch as a company that pays “lip service” to safety, but that doesn’t back up its words with action.”
Before this latest breach, something was up with the platform already. For one, over the summer Twitch had to contend with “hate raids,” where bots choked live chats with racist and other hateful comments. Many within the community called attention to the problems through the #twitchdobetter hashtag and a one-day walkout on September 1st.
According to the Washington Post, the 4chan user that leaked the data may have been one of the disaffected members of the community, as they claim to have leaked the information in order to “foster more disruption and competition in the online video streaming space.” The user furthermore called the Twitch community “a disgusting toxic cesspool.”
Since the data dump, the biggest topic of conversation has been streamer earning, since the breach revealed how much top creators are making. One streamer getting a lot of attention is Hasan “Hasanabi” Piker, who has made over $2.8 million in the past two years despite promoting leftist political positions. The Washington Post also noted that the data showed that only three women rank in the top 100 paid creators and that the vast majority of the top 10,000 streamers are white and male.
It’s troubling that two days after the breach, when one would assume the platform had locked everything down, hackers were able to insert close-up images of former Amazon CEO Jeff Bezos in the backgrounds of Twitch pages for popular games like Grand Theft Auto V and Minecraft.
In light of all these issues, many Twitch community members fear that trust is eroding in the platform. As tabletop role-playing game streamer Emme “Negaoryx” Montgomery told the Washington Post, “The timing couldn’t be worse for [the breach] to happen in terms of Twitch’s current public image.”
In other news
- Facebook in the spotlight over teen harm. Last week’s Facebook controversy continues. The BBC reports Frances Haugen, the Facebook whistleblower and former lead Product Manager who wants the platform to stop causing harm to users, is to appear before the UK parliament later this month. She’ll be discussing how the company puts profits above all else, using algorithms designed to stir things up and get you to buy more.
- In contrast, this week former UK political party leader Nick Clegg, now Head of Public Affairs at Facebook appeared on CNN news to announce Instagram’s initiatives to prevent teen harm. Answering questions related to revelations in congress about Facebook ignoring its own research into teen mental health, and research showing it incites unhealthy anger on its platform, he said he didn’t know if the platform spread pro-insurrection voices leading the Capitol Hill riots on January 6th. He added he thought Facebook’s algorithms “should be held to account if necessary, by regulation so that people can match what our systems say they’re supposed to do from what actually happens.”
- More on China’s crypto ban. China’s e-commerce giant Alibaba announced it had stopped selling cryptocurrency mining machines from October. Previously we reported China’s policy towards cryptocurrency trading and mining had hardened to make both activities illegal and any associated trade within China punishable with fines and criminal charges. Alibaba is also removing any tutorials, strategies, or software on its website designed to educate those wishing to buy coins belonging to virtual cryptocurrencies.
- European Parliament votes to ban automatic AI facial recognition. Investigations into automated facial recognition in public spaces, and how police can access artificial intelligence, led Europe’s leaders to ban the automatic use of facial recognition in public places. Citizens should only be monitored when suspected of a crime, and minority groups should not be studied to improve algorithms without consent or remedy in place if things go wrong. Up to now the development of facial recognition software by both government and private providers has been unregulated. MEPs felt that in particular private companies like Clearview AI need monitoring and will now discuss whether private company databases should be made illegal altogether.
- Crowdfunding with NFT giveaway a scam. In what seemed a genuine attempt to develop a new video game called ‘Evolving Apes’, a team led by a character known as ‘Evil Ape’ sold several thousand digital images of cartoon apes to raise capital to develop his project. Vice reports $2.7 million in crowdfunding later, he’s disappeared—along with all social accounts, websites, and his funds. But those NFT ape pictures are still out there with owners having a ‘g-aping’ hole in their bank accounts.
- The spy who fed me. Last Saturday, the US Justice Department caught a former US Navy engineer trying to pass on secrets about US nuclear-powered submarines by hiding a data stick in a peanut butter sandwich, and at another point in time a chewing gum packet. It seems trying to cover his tracks with messages via encrypted email, using tiny memory sticks in food items to make drops, and ensuring his payments were in cryptocurrency, wasn’t enough. Jonathan Toebbe’s luck ran out when the FBI arrested him and his wife—who he’d used as a lookout—on Saturday during a third dead drop in an ongoing sting effort. All of this proves it was ‘no time to spy’.
Tip of the week
As online gaming platforms such as Twitch and Steam gain users, they become more appealing targets for hackers. News of extensive security breaches appears in our feeds almost daily, so the question is not if your data will be compromised, but when. While online personal details can never be fully protected, there are a few easy ways to minimize your data security risk when gaming online.
On gaming sites, your account is tied to your email address, making it very easy for someone to identify you. So, choose a username and unique password that cannot be associated with you. Picking a random username with no fragments of your email address, location, or birthday is highly recommended. If your email is associated with a personal domain name, consider getting a disposable email address so the real one can never be compromised.
Check your privacy settings often, and use the maximum level of restrictions allowed. Online platforms change their policies all the time, so when you see that “Our terms have changed” popup, your next destination should be the privacy settings. When gaming on a borrowed device, for example, a school laptop, it’s imperative to check the privacy settings and make them as restrictive as possible.
Even with strong privacy settings in place, limiting the data you share with both the platform and other users is crucial. Think twice before answering any personal questions, and avoid offering any optional information.