Twitch says server error caused data leak

Streaming platform Twitch has blamed a massive leak of sensitive company data on a “server configuration error”.

The Amazon-owned firm said the error meant data was “exposed to the internet” and “subsequently accessed by a malicious third party”.

On Wednesday, an anonymous hacker posted key details of the site to the 4chan message board, including its source code, the payouts made to top creators on the site and code for a range of other Twitch products, including its mobile and desktop apps.

A message posted alongside the leaked files said they were being released to “foster more disruption and competition in the online video streaming space”.

Twitch was founded in 2011 and is predominantly used by creators to live stream themselves playing video games.

The platform has still not confirmed the full extent of sensitive data taken in the leak, but said it was continuing to investigate the incident.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident,” the company said.

“As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.

“At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.

“Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.”

Online safety experts have urged anyone with a Twitch account to change their password as a precaution, with particular concern expressed for the accounts of the millions of younger users known to be on the platform.

Amazon bought Twitch for 970 million US dollars (£714 million) in 2014, and the platform is estimated to have more than 140 million monthly active users.