
Cybersecurity

Your Twitch account was definitely hacked, here’s what we know so far


On October 7, Twitch confirmed that an enormous hacking incident took place. Large data sets including the platform’s private source code, unreleased projects, and how much streamers are getting paid were released to the public. 

While social media users thought Facebook’s massive whistleblower scandal was the top news story of the week, the cybercriminals outdid themselves to the point where it got everyone questioning, “how did it happen?” and “how bad is it?” 

While Twitch is still working toward a concrete answer as to how it happened, security experts are warning of potentially terrible repercussions for the streaming platform.

“Reading of a data breach that includes the entire source code, including unreleased software, SDKs, financial reports and internal red-teaming tools will send a shudder down [the spine of] any hardened infosec professional,” ThreatModeler founder and CEO Archie Agarwal told the Threatpost blog. “This is as bad as it could possibly be.” 

“The first question on everyone’s mind has to be, ‘How on earth did someone exfiltrate 125GB of the most sensitive data imaginable without tripping a single alarm?’ There’s going to be some very hard questions asked internally.” 

The streaming giant has only pointed the finger at an error in a server configuration, but according to The Verge, multiple sources claim that “the company valued speed and profit over the safety of its users and security of its data.”

An employee who worked at Twitch from 2017 to 2019 spoke to The Verge on the condition of anonymity, describing the work atmosphere as negligent toward the safety of users.

“There would be constant questions and discontent about the regular moderation failures,” the source told The Verge, noting that Twitch’s management response was “very slow.” 

“If it wasn’t generating revenue, then it wasn’t valued as highly,” the source added.

Not only will this hacking incident have dire consequences for Twitch, but it will also affect its parent company Amazon.

According to The Verge, “the source notes that attackers can now see the shortcuts and APIs for internal Amazon services thanks to this leak. Because Amazon’s Prime Gaming offers revenue to streamers through subscriptions, the source warns it could be a fresh attack vector for hackers aiming to make money.” 

A number of sources described Twitch as a platform that does not prioritize safety. Even though Amazon acquired Twitch, the streaming platform was granted absolute control over its technological operation. Hence, Twitch utilized a bunch of third-party services that Amazon usually isn’t concerned with.  

“Twitch was on Slack before Amazon eventually adopted it, and two sources say Twitch has struggled to perform effective audits on the software and tools it has been using in the past,” The Verge added. 

With all this information in mind, it becomes clear why a configuration error resulted in the hack of over 8 million user accounts.  

This isn’t the first time Twitch has faced a hacking incident. In 2015, the streaming platform battled with security issues that led to unauthorized access to Twitch accounts. However, this new incident saw worldwide attention due to its alarming size, forcing the streaming giant to address it quickly and publicly.

“As the investigation is ongoing, we are still in the process of understanding the impact in detail,” Twitch said in a statement.  

Yet, as Twitch races to understand exactly how this happened, millions of people are now leaving the platform as the hacking incident proved that their security and safety are at risk at any moment.

Rim is an experienced content writer with a demonstrated history of working in various niche industries.

Cybersecurity

Australia to ‘fight back’ against hostile states in cyber – minister


Australia and Britain will “fight back” against cyber attacks from China, Russia, and Iran, defense minister Peter Dutton said ahead of consultations with Britain in Sydney.

Australia’s defense and foreign affairs ministers will meet with Britain’s defense secretary Ben Wallace and foreign secretary Liz Truss on Friday for the annual Australia-United Kingdom Ministerial Consultations (AUKMIN).

Australia and Britain would coordinate cyber sanction regimes to increase deterrence, raising the costs for hostile state activity in cyberspace, said foreign affairs minister Marise Payne, after signing an agreement on Thursday with Truss.

“Australia is committed to working with partners such as the UK to challenge malign actors who use technology to undermine freedom and democracy,” Payne said in a statement.

Dutton said Friday’s meeting would have a big focus on cyber.

“Both the UK and Australia get regular attacks from Russia and from China, Iran and other countries,” he said on radio, adding they would “fight back”.

Discussions will also identify areas where Australia and Britain can work together in the Indo-Pacific region, and Australia’s nuclear submarine program.

The new Aukus defence alliance with Britain and the United States, which last year prompted Australia to cancel a contract for a conventional French submarine in favour of a nuclear submarine program supported by the United States and Britain, was crucial for Australia, he said.

“They are big countries and they have big military machines and are important allies and friends for us as a smaller country of only 25 million people if we are going to deter countries from aggressive behaviour,” he said.


SYDNEY (Reuters)


Cybersecurity

China drafts rules on security reviews for apps influencing public opinion


China’s cyber regulatory body issued on Wednesday draft rules governing mobile apps, including a requirement for security reviews of apps whose functions could influence public opinion.

The proposed regulations are part of a campaign run by the Cyberspace Administration of China (CAC) over the past year to increase oversight of the country’s tech companies.

The public has been invited to give feedback on the draft rules by Jan. 20.

The proposals will require application providers to carry out a security assessment before launching “new technologies, new applications, and new functions” capable of influencing opinion or mobilising the public.

The CAC did not name any specific apps or outline the security assessment process other than to say it should be carried out in accordance with national regulations.

The proposed rules would apply to “text, picture, voice, video and other information production”, as well as instant messaging, news dissemination, forum communities, livestreaming, and e-commerce, the regulator said.

The regulator added that mobile app providers must not conduct activities that endanger national security, or force users to share non-essential personal information.

News apps must obtain licenses granting permission to publish news, it said.

Over the past year, Chinese authorities have tightened regulations across a number of industries, ranging from gaming to real estate to education.

The CAC has led a number of initiatives targeting the country’s tech sector.

On Tuesday, CAC announced it would implement two new rules. One rule requires platform companies with over 1 million users to undergo security assessments before listing overseas, which would take effect in February. The other rule governs companies’ use of recommendation algorithms, which would take effect in March.


SHANGHAI (Reuters)


Cybersecurity

China to order cybersecurity reviews for some firms seeking overseas listings


China said on Tuesday it would put in force new rules that will boost oversight over how its platform companies make plans to list abroad or use recommendation algorithms, in moves set to tighten Beijing’s grip over its sprawling technology sector.

The Cyberspace Administration of China (CAC) said it would from Feb. 15 implement new rules that require platform companies with data for more than 1 million users to undergo a security review before listing their shares overseas.

In a separate statement, the CAC also said it would implement new rules governing the use of algorithm recommendation technology from March 1, requiring companies to give users the right to switch off the service and increasing oversight of news providers that use such technology to disseminate information.

Both sets of rules were proposed last year and are expected to potentially impact a large swathe of companies, such as TikTok owner ByteDance, e-commerce giant Alibaba Group and many more smaller players.

ByteDance and Alibaba did not immediately respond to Reuters’ request for a comment.

The CAC move comes amid a slew of regulatory changes in China over the past year that have dampened the appetite of firms to list overseas but bankers hope the new rules will provide more clarity in 2022.

The CAC did not specify whether the rules will apply to companies seeking listings in Hong Kong. But lawyers and bankers said based on its wording it appeared that Chinese companies with more than 1 million users seeking to list in the city would not be required to seek the cybersecurity review.

“Hong Kong is being treated as part of China, offshore though not foreign market, and this paves the way for more deals to return to Hong Kong,” one investment banker at a Western institution told Reuters, asking not to be named as he was not permitted to speak to the media.

In Hong Kong, the Hang Seng Index fell 0.36% and the city’s tech index lost 1.44%.

Shares in Hong Kong Exchanges and Clearing Ltd, the operator of the Hong Kong stock exchange, were last down 1.9%. They fell as much as 2.4% following the announcement.

“If this is not retrospective then it would only affect listing aspirants and not companies already listed. Having said that, companies in the latter camp already have a lot on their minds,” said Justin Tang, head of Asian research at investment adviser United First Partners in Singapore.

The rules published on Tuesday did not specify whether the planned changes would be retrospective.

NARROWED SCOPE

The CAC first proposed the cybersecurity reviews in July (https://www.reuters.com/world/china/china-widens-clampdown-overseas-listings-with-pre-ipo-review-firms-with-large-2021-07-10), saying they would put a focus on the risks of data being affected, controlled or manipulated by foreign governments after overseas listings.

Alex Roberts, who tracks data policy at law firm Linklaters in Shanghai, said the new rules appeared to have shrunk the scope of the companies likely to be affected by the changes, as compared to the proposal made in July.

“The most significant change in these cybersecurity review measures seems to be the narrowing of the review’s application to only critical information providers, data processors that may impact national security, or platform operators holding over 1 million individuals’ personal data,” said Roberts, but he added the rules still do not provide ample specificity as to what types of companies will be affected.

“This ambiguity will be a real concern for successful multi-channel businesses in China’s digital economy given the current uncertainty of the review process.”

The CAC changes come after a slew of recent moves by Chinese authorities to boost oversight over Chinese companies’ offshore listings.

China’s state planner said last week it would demand regulatory clearance (https://www.reuters.com/world/china/china-tightens-scrutiny-offshore-listings-sectors-off-limits-foreign-investment-2021-12-27) for overseas Chinese listings in sensitive sectors such as internet news and publishing.

Separately, the China Securities Regulatory Commission (CSRC) said on Dec. 24 it would require companies wishing to list overseas to submit filings to the agency first for registration, under a system that also involves close coordination among various regulatory bodies.


SHANGHAI (Reuters)
