Twitch data breach leaves Amazon with major fine

(Image credit: Shutterstock)

2021 Twitch breach exposed sensitive data on thousands of users
An investigation by the Turkish data protection watchdog concluded the company was to blame
Twitch has to pay $58,000

Türkiye has fined Amazon $58,000 for the Twitch data breach in 2021 which affected thousands of Turkish nationals.

An anonymous hacker leaked the entirety of popular video game live streaming service Twitch, including its source code and personally identifiable information (PII) of its users. The leaked data was rolled into a 125 GB torrent, and its link was posted to the popular 4chan imageboard.

Since the breach was said to have affected Turkish citizens, the country’s Personal Data Protection Board (KVKK) opened up an investigation soon after the attack. In total, 35,274 Turkish nationals were affected, so KVKK imposed a 1.75 million lira fine for inadequate security and 250,000 lira for failing to report the breach.

Lumma and AMOS

The results of the investigation showed that the company, which was acquired by Amazon back in 2014 for $970 million in cash, “failed to take adequate security measures beforehand, addressing the issue only afterward.” What’s more, KVKK concluded that the company’s risk and threat assessment were “insufficient.”

At press time, Twitch was not commenting on the incident, however it did, at the time, downplay the importance of the breach, saying the attackers didn’t get their hands on the login credentials of users, suggesting that the threat was somewhat limited.

“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch said.

At the time, it was reported the hacker wasn’t pleased with the community that had built around the service. and leaked the data in a bid to “foster more disruption and competition in the online video streaming space.”

Soon afterward, Twitch confirmed the breach, saying its team was “working with urgency” to understand the extent of the incident.

Via Reuters

Here's a list of the best firewalls today
These are the best endpoint protection tools right now
AnnieMac says thousands of customers have had data stolen in breach

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.