Cyberattacks are performed for various purposes, including beating competition, extortion, and political agendas. Lately, the Amazon-owned gaming platform Twitch was the target of a huge cyberattack.
Estimated reading time: 4 minutes
“An anonymous hacker claims to have leaked the entirety of Twitch, including its source code and user payout information. The user posted a 125GB torrent link to 4chan on Wednesday, stating that the leak was intended to ‘foster more disruption and competition in the online video streaming space’ because ‘their community is a disgusting toxic cesspool,’” according to Video Games Chronicle, which first reported about the hack.
One of the biggest data leaks in history
Twitch confirmed the breach on 6th October 2021 by tweeting, “We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us.” on their official handle.
A popular application or service getting hacked is nothing new. In fact, DoorDash, Facebook, Linked In, MoviePass, Words With Friends, etc., were all hacked in the last three years. However, the Twitch hack is quite a unique disaster: the reason being the attacker was able to gain access to and leak the entirety of Twitch in a 125GB torrent link to 4chan.
The leaked data contains the complete source code of Twitch — going back to the commits created as early as its initial years. The hack also revealed data about its console, desktop, and mobile clients, internal services, and proprietary SDKs. The leak also included data from other Twitch-owned properties like CurseForge and IGDB. And if that’s not enough, creator payout reports were leaked as well.
That is why this hack has become one of the most significant data leaks in history. “This level of hack would ‘send a shudder down any hardened infosec professional,’ Archie Agarwal, founder and CEO at New Jersey cybersecurity firm ThreatModeler told the Guardian.
What we can learn about network security
The magnitude of this particular breach raises many questions concerning network security practices. The e-sports streaming service said that the breach was caused by a server configuration change, which exposed some data. “Security misconfigurations are one of the most common gaps that criminal hackers look to exploit. According to a recent report by Rapid 7, internal penetration tests encounter a network or service misconfiguration more than 96% of the time,” according to IT Governance.
Though the investigation is still ongoing internally at Twitch, it is possible to assume that Twitch was not following the industry standards regarding cybersecurity best practices, including network security practices.
Network security refers to the set of hardware and software solutions and configurations, processes, and rules utilized to secure the accessibility, confidentiality, and integrity of computer networks. Network security encompasses the majority part of cybersecurity. If one can protect the overall network of an organization, an attack through inside and outside the network can be detected and blocked by the network security solutions.
For instance, if a bad inside actor compromises a system and plans to take control of the entire network, a security solution will protect the actor from scanning the whole network, thus protecting other systems in the network. Similarly, if a bad actor tries to access the network from outside the network, a network firewall or a web application firewall will detect and block and alert about the intrusion.
Battling network security breaches
Network security solutions deploy multiple layers of security, with each layer utilizing different sets of controls and barriers. It ensures that authorized users alone can cross these barriers while cybercriminals or other malicious actors are blocked out of the network infrastructure.
In a way, network security works like police officers on roadblocks by keeping the bad traffic outside them. That said, numerous solutions help protect a network, all providing different sets of configurations and security features. Of course, a good security posture utilizes multiple solutions to provide all-around security to the network infrastructure. For example, the common network security solutions include firewall, network segmentation, zero-trust network access, data loss prevention, email security, sandboxing, cloud network security, etc.
Network security is essential for every public and private network infrastructure — especially for the networks behind popular services like Facebook, Google, Instagram, Twitch, Twitter, etc. It preserves the integrity and confidentiality of information by deploying layers of defences against any and all malicious threats. Though a single type of network security solution usually works for specific purposes, organizations generally utilize a set of network security solutions to opt for an all-round protection for their network infrastructure and users. In the case of Twitch, the Amazon-owned company surely missed one of them, sadly.
What do you think of the Twitch hack? Please share your thoughts on any of the social media pages listed below. You can also comment on our MeWe page by joining the MeWe social network.
