[10:30PM PT] We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party. Our teams are working with urgency to investigate the incident.
As the investigation is ongoing, we are still in the process of understanding the impact in detail. We understand that this situation raises concerns, and we want to address some of those here while our investigation continues.
At this time, we have no indication that login credentials have been exposed. We are continuing to investigate.
Additionally, full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed.
On one hand, I'm massively curious, that's a treasure trove of potentially great code.
On the other hand, potentially facing the wrath of Amazon for possessing such a thing feels risky.
Also, wasn't there already free games with Twitch prime before? Or am I mis-remembering? The article seems to indicate this was a completely new thing.
I didn't see where they implied it was a new thing, but yes, there are many free games on Twitch prime. I go in and claim them on a somewhat regular basis, but I've never actually installed any of them. I only just installed the 'Amazon Game Store' to be able to see what I have and apparently I've claimed 238 games at this point.
Oh hell not another one. At least it probably won't be as half-baked as EGS.
Someone has already made this: https://www.twitchearnings.com/
Pretty crazy at what some of the top earners are pulling although not altogether surprising if you consider they are pulling in viewerships that used to sustain small television shows.
Looks like it's been taken down.
Thanks! The search even works.
Nothing here is surprising. You can already reach something close to these numbers if you know a channel’s subscriber count.
Update from Twitch: https://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/
A moderator in a streamer's discord recommended doing the following for anybody with an account:
Change password
Change stream key (even if not a streamer)
Enable 2FA
I did all three (apparently didn't have 2FA), but also don't think they got passwords? It's been suggested as a possibility, though.
I hope everyone making all these changes intends on doing it again once Twitch confirms they've identified the source of the breach and contained it. Otherwise you're risking having all these things leaked again, maybe without notice, because Twitch hasn't kicked out the attacker.
Good call on the stream key. Didn't think of that. Thanks.
re: passwords: My assumption is that they didn't get plaintext passwords, only encrypted hashes. Nevertheless, those are brute-forceable, etc. so... changing password is still a good idea.
Ah, Twitch 2FA is such an arse though. I enabled it and added it to Authy when I used that - then decided to use an open source alternative instead, and transferred my 2FA tokens over. Twitch seemed to use some sort of algorithm specific to Authy with a 7 digit code rather than a 6 digit code so I disabled and re-enabled 2FA on my account, and this time it gave me a normal secret generating 6 digit codes that I could add to my new app. Great!
Everything worked okay at this point. Using the new app, my codes were authenticating me on Twitch as I'd expect. Then I deleted my Authy account, and the codes stopped working. Twitch Support were of no help either.
Thankfully Authy waits 30 days to actually delete your codes, so I decided to cancel the deletion and try porting it over again. And, as if by magic, the codes I already had started working again.
Maybe 2FA on Twitch is in some way tied to Authy, as if it is the only 2FA app there is, and with no option to use an alternative without an active Authy account. I have no idea. But I think Twitch 2FA does require your phone number, as does Authy, so that might go some way towards explaining it.
How was your experience with it?
I just enabled it for two accounts, added it to 1Password with the click of the "Scan QR Code" button and everything worked fine.
I had an issue using the codes they texted me to enable 2fa but got it enabled via Google Authenticator (my go-to) after a few tries.
If they have passwords, wouldn’t they also have all 2FA secrets?
It's definitely possible, so it would be best to deactivate 2FA if it was already on and re-activate to get a new secret. If someone didn't have it on before, activating it now is a good idea.
I hadn't considered that, I should mention something in that channel about it. The idea hadn't even occurred to me.
I guess I'm an accidental beneficiary of not having 2FA on in 2019.
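Added example (not part of the original thread, and not Twitch's or Authy's code): a standard RFC 6238 TOTP generator and verifier, showing why a copied 2FA secret stays valid until you disable and re-enable 2FA, and how 6- and 7-digit codes differ only in truncation. The function names and the "constructed" secrets are assumptions made for illustration; the 7-digit case is plain RFC 6238 with `digits=7`, not a description of Authy's own token scheme.

```python
import hashlib
import hmac
import struct

RFC_SECRET = b"12345678901234567890"  # published RFC 6238 test secret (SHA-1)


def totp(secret: bytes, unix_time: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on secret and time."""
    counter = struct.pack(">Q", unix_time // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, unix_time: int,
           digits: int = 6, period: int = 30, window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` time steps of clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + step * period, digits, period), code)
        for step in range(-window, window + 1)
    )


def rotation_demo(now: int = 1_633_500_000) -> dict:
    """Constructed scenario: a secret is copied, then the account re-enrolls."""
    old_secret = b"constructed-old-secret"  # issued at first enrollment
    new_secret = b"constructed-new-secret"  # issued after disable + re-enable
    copied = old_secret                     # the same bytes held by someone else
    code_from_copy = totp(copied, now)
    return {
        # While the server still holds old_secret, the copy is as good as the phone.
        "copy_accepted_before_rotation": verify(old_secret, code_from_copy, now),
        # After re-enrollment the server holds new_secret and the copy is useless.
        "copy_accepted_after_rotation": verify(new_secret, code_from_copy, now),
    }


if __name__ == "__main__":
    print("6 digits:", totp(RFC_SECRET, 59), "7 digits:", totp(RFC_SECRET, 59, digits=7))
    print(rotation_demo())
```

Changing only the password leaves the enrolled secret untouched, which is why re-enrollment is the step that invalidates a copy.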
I downloaded the torrent. Lots of interesting things inside.
It looks like the leak includes .pem files for Twitch and Amazon (just internal stuff - one identifies as "Amazon.com Internal Root Certificate Authority" and expires in 2027). I don't know how to check if it includes the private key. But my favorite thing is the Domino's pizza ordering client written in Go. It'll let you find nearby stores, list prices and place orders all from the command line!
They've also got their software engineer interview questions in there. I'm sure at least one person will check those out in advance. One question has candidates use the live Twitch API which I think is neat. I haven't seen a company do that in an interview before.
Edit:
I love that their chat pre-processor service (which includes auto-moderation checks) is called Prism.
And the micro-service for reporting similar channels is called "Kevin Bacon".
This is a fun week for fuckups of gigantic proportions.