Summary

  • Twitch recently exposed a huge amount of source code and sensitive data after a server configuration change, which was then accessed by a malicious third party.
  • This breach is a classic case of cloud misconfiguration, where organizations inadvertently leak sensitive data without realizing it.

Twitch, the live-streaming platform from Amazon, recently announced that it suffered an enormous data breach that exposed the company’s source code, users’ income streams and more.

The breach was posted on the message board 4chan, a popular hacker forum. Worryingly, the hacker’s post suggested that this leak was just the start. The post was labelled “part one”, meaning there could be a part two, even a part three, in the coming days.

According to online sources, the trove of data, which is in the form of a 125 GB torrent, includes:

  • All of Twitch’s source code “going back to its early beginnings”
  • Proprietary software development kits and internal AWS services used by Twitch
  • An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
  • Data about Twitch properties like IGDB and CurseForge
  • Creator revenue reports from 2019 to 2021
  • Mobile, desktop and console Twitch clients
  • A cache of internal “red teaming” tools designed to improve security

Tweet from Twitch confirming the data breach.


Following the leak, Twitch released a statement about the incident, as you can see in the Twitter post above.

In a blog about the incident, Twitch also shared a key detail. The breach was caused by “a server configuration change that was subsequently accessed by a malicious third party.”

While we don’t know the exact cause of the misconfiguration, this leak is not surprising. As more and more companies embrace infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS) platforms, breaches brought about by misconfiguration issues are becoming more common. In fact, Gartner believes that, by 2025, 99% of cloud security failures will be the customer’s fault.

So, how can you prevent your company from ending up in the headlines like Twitch? Here are a few things to consider.

  • Use cloud security posture management tools: Cloud security posture management (CSPM) is the ongoing process of monitoring cloud platform account configurations to ensure that you are compliant with regulations such as HIPAA, GDPR and even PCI. Through predefined policies and data analysis, CSPM solutions can find and remediate misconfigurations automatically before hackers get their hands on your data.
  • Enable multi-factor authentication: MFA should be enabled on all root and user accounts to prevent a brute-force attack. You should also change your root account password regularly.
  • Use a cloud-based DLP: Leaky S3 buckets, unencrypted data sets and disabled CloudTrail logging are all common AWS misconfigurations. However, if you deploy a cloud-based data loss prevention (DLP) solution, you can prevent sensitive data loss even in cases where a misconfiguration occurs. Using APIs, cloud-enabled DLP extends data protection outside of the corporate network and directly into SaaS applications, giving security teams much-needed control and visibility over how data is being used and stored, no matter where it travels.
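
The predefined policy checks described in the list above can be sketched as follows. This is an added example, not code from the original article or from any CSPM product. The snapshot schema, field names and sample values are hypothetical and constructed for illustration; a real tool would populate them from the cloud provider's APIs.

```python
# Added example: a minimal CSPM-style policy check. The snapshot schema below
# is hypothetical; a real tool would fill it from the cloud provider's APIs.
SNAPSHOT = {  # constructed sample data, not taken from the Twitch incident
    "root_mfa_enabled": False,
    "users": [
        {"name": "alice", "mfa_enabled": True},
        {"name": "build-bot", "mfa_enabled": False},
    ],
    "buckets": [
        {"name": "public-assets", "public_access_blocked": False, "encrypted": True},
        {"name": "revenue-reports", "public_access_blocked": True, "encrypted": False},
        {"name": "source-backups", "public_access_blocked": True, "encrypted": True},
    ],
    "trails": [{"name": "org-trail", "is_logging": False}],
}

def check_mfa(snap):
    if not snap["root_mfa_enabled"]:
        yield ("HIGH", "account", "root account has no MFA")
    for user in snap["users"]:
        if not user["mfa_enabled"]:
            yield ("MEDIUM", f"user/{user['name']}", "user has no MFA")

def check_buckets(snap):
    for b in snap["buckets"]:
        if not b["public_access_blocked"]:
            yield ("HIGH", f"bucket/{b['name']}", "public access is not blocked")
        if not b["encrypted"]:
            yield ("MEDIUM", f"bucket/{b['name']}", "default encryption is off")

def check_audit_logging(snap):
    # An empty trail list fails too: no trail is as bad as a disabled one.
    if not any(t["is_logging"] for t in snap["trails"]):
        yield ("HIGH", "account", "no audit trail is actively logging")

POLICIES = (check_mfa, check_buckets, check_audit_logging)

def evaluate(snap):
    """Run every policy and return findings, HIGH severity first."""
    findings = [f for policy in POLICIES for f in policy(snap)]
    return sorted(findings, key=lambda f: (f[0] != "HIGH", f[1]))

if __name__ == "__main__":
    for severity, resource, message in evaluate(SNAPSHOT):
        print(f"{severity:6} {resource:24} {message}")
```

Running checks like these on a schedule, or on every configuration change, is what turns a one-off audit into posture management.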

Polymer is a no-code data loss prevention (DLP) platform that allows companies to monitor, auto-remediate, and apply behavioral techniques to reduce the risk of insider threats, sensitive data misuse, and leakage over third-party SaaS apps. Try Polymer for free.
