Twitch, the live-streaming platform from Amazon, recently announced that it suffered an enormous data breach that exposed the company’s source code, users’ income streams and more.
The breach was posted on the message board 4chan, a popular hacker forum. Worryingly, the hacker’s post suggested that this leak was just the start. It labelled the post “part one”, meaning there could be a part two, even a part three, in the coming days.
According to online sources, the trove of data – which is in the form of a 125 GB torrent, includes:
- All of Twitch’s source code “going back to its early beginnings”
- Proprietary software development kits and internal AWS services used by Twitch
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Data about twitch properties like IGDB and CurseForge
- Creator revenue reports from 2019 to 2021
- Mobile, desktop and console Twitch clients
- A cache of internal “red teaming” tools designed to improve security
Following the leak, Twitch released a statement about the incident, as you can see in the Twitter post above.
In a blog about the incident, Twitch also shared a key detail. The breach was caused by “a server configuration change that was subsequently accessed by a malicious third party.”
While we don’t know the exact cause of the misconfiguration, this leak is not surprising. As more and more companies embrace infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS) platforms, breaches brought about by misconfiguration issues are becoming more common. In fact, Gartner believes that, by 2025, 99% of cloud security failures will be the customer’s fault.
So, how can you prevent your company from ending up in the headlines like Twitch? Here are a few things to consider.
- Use cloud security posture management tools: Cloud security posture management (CSPM) is the ongoing process of monitoring cloud platform account configurations to ensure that you are compliant with regulations such as HIPAA, GDPR and even PCI. Through predefined policiesand data analysis, CSPM solutions can find and remediate misconfigurations automatically before hackers get your hands on your data.
- Enable multi-factor authentication: MFA should be enabled on all root and user accounts to prevent a brute-force attack. It would be best if you also changed your root account password regularly.
- Use a cloud-based DLP: Leaky S3 buckets, unencrypted data sets and disabling CloudTrail are all common ways for AWS misconfigurations to occur. However, if you deploy a cloud-based data loss prevention (DLP) solution, then you can prevent sensitive data loss, even in cases where a misconfiguration occurs. Using APIs, cloud-enabled DLP extends data protection outside of the corporate network and directly into SaaS applications, giving security teams much needed control and visibility over how data is being used and stored – no matter where it travels.