Close this search box.

Twitch data breach exposes “everything” in possible “hacktivism”. How did it happen?


Hacker promises more is on the way even as source code, confidential company info and user payouts are laid bare for the public

  • The world’s leading site for streamers has been hacked in a massive breach
  • The site is one of the busiest in the world, regularly drawing numbers that put it in the company of services like Netflix and YouTube
  • The action seems to be motivated by “hacktivism” rather than a pure “cyber crime” action
  • The data breach included tables revealing how much the platform’s streamers make each month.

A massive data breach of video streaming service Twitch last week exposed just about everything possible that could be taken from its internal network.

The 125 GB torrent, posted on a public website for anyone to download, has been confirmed by Twitch and is only the “first part” of forthcoming materials according to the anonymous leaker.

We look at what went wrong and (based on what we know so far) how.

The entire platform exposed: What actually happened

The data breach appeared as a 125 GB torrent link posted to popular message board 4Chan on Wednesday last week.

The anonymous leaker accompanied the torrent link with a message that indicates that this is more of an activist action than an attempt at cyber crime as we know it; captioning the initial post with a picture of a surprised Jeff Bezos (Amazon purchased Twitch for $970 million in 2014), the leaker called Twitch a “disgusting toxic cesspool” and exhorted the company to “do better.”

Founded as the gaming specialty channel of pioneering streaming service in 2007, Twitch quickly took on a life of its own as the world’s premier online destination for eSports broadcasting.

It is also the leading site for “streamers” who make a living recording themselves playing video games online. The site is one of the busiest in the world, regularly drawing numbers that put it in the company of services like Netflix and YouTube.

The leaker claims that the source code was taken from over 6,000 internal GitHub repositories. According to the initial 4Chan post, the data breach contains just about every piece of proprietary code one could want from Twitch: the service’s clients for various platforms, all of the code for the site dating back to its inception, internal AWS services, proprietary SDKs, code for properties that Twitch has acquired (such as modding site CurseForge and the Internet Game Database), internal security “red teaming” tools for simulating attacks, and initial code for an online gaming platform called Vapor (comparable to Steam) that Amazon currently has in development.

The leaker called Twitch a “disgusting toxic cesspool” and exhorted the company to “do better.”

There are conflicting reports about whether encrypted or hashed passwords are included. The initial 4Chan post does not mention this, but some social media users claim to have found some while combing through the torrent.

Regardless of whether or not user login information is included, all Twitch users are advised to change their password and ensure two-factor authentication is implemented as more leaked data may be coming down the pipe.

In addition to the absolute pile of code, the data breach included tables revealing how much the platform’s streamers make each month.

While this did not include financial information or personal documents, it quickly became a popular piece of gossip around the internet as it was revealed that broadcasting yourself playing video games can make you a millionaire; in fact, 81 people have made more than $1 million since August 2019. The biggest earners, the Critical Role channel, are close to cracking $10 million.

Twitch confirmed that the data breach was legitimate in a tweet on Wednesday, saying that it is “working with urgency” to measure the extent of the damage. The company reset all stream keys on Thursday as a safety precaution and asked content creators to obtain new ones.

Why would “hacktivists” target Twitch?

While the leaker has yet to get into specifics about their motivations, the timing would indicate that it has something to do with mounting discontent among streamers over harassment.

On 1 September 2021, a number of high-profile streamers organised a virtual walkout for the day in protest of the platform’s failure to protect them from organized “hate raids” that disrupt broadcasts. Often driven by bots, hate raids involve flooding a stream with negative comments to push out legitimate chat users.

The leaker’s 4Chan post may refer to the #TwitchDoBetter hashtag that creators have rallied under to protest Twitch’s lack of safety and moderation.

However, “doxxing” these same creators and putting the platform itself in peril via massive data breach would certainly be an unusual protest strategy.

The platform has certainly angered many in recent years for its heavy-handed policing of stream content, issuing bans for the use of words that are off-color but not profane and taking flack from conservatives over perceived political bias (former president Trump had his channel streaming live rallies banned from the platform).

Creators have also expressed discontent over the platform’s sexual content policies. Nominally banned, some creators feel that certain streamers are abusing the system by wearing revealing clothing during streams; essentially a “peep show” under the ruse of watching a video game.

Streamers in bikinis became so common that Twitch created a dedicated “Hot Tub, Pool and Beach” channel earlier this year for streams of this nature.

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →