Twitch suffered a hack this week that resulted in a considerable leak of sensitive data. Now, reports from people who have worked on the platform indicate that this case is not as isolated as the site would like to make it appear, and that it is reportedly the result of years of security neglect.
We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.
— Twitch (@Twitch) October 6, 2021
Speaking with The Verge, several anonymous sources agreed on a common point: the general “climate” in the company was one of employees raising security issues and management being in no hurry to resolve them. One of these people said that “there was constant questioning and discontent about the common failures of moderation” and that the bosses responded “too slowly”.
That same source mentions raids, a feature that has sometimes been used to harass streamers. The concern that this could happen was reportedly raised by employees even before the feature launched, not least because of its name, which can be translated as an attack or an invasion. But, according to this person, Twitch’s leadership was more concerned with launching the feature than with any problems it might cause.
Another source raises a point closer to the hack that happened this week. According to this person, Twitch often did not disclose security issues that it actually encountered. In 2017 there was reportedly a serious lapse in which scammers managed to deceive streamers over the income from their subscriptions.
As a result, many Twitch accounts have been linked to compromised Amazon accounts, which can give hackers the access they need to run scams built on Amazon Prime sign-up earnings.
The Verge also mentions that “several sources” describe Twitch as a company that talks a lot about security but does little. Despite the link with Amazon, the company operates largely on its own terms, for example by using third-party services that Amazon itself avoids.