The target: Twitch.tv, a U.S based video game streaming service.
The take: Exposure of 125GB of information including source code and commit history dating back to the company’s founding, creator payout revenue from 2019 to 2021, their internal cybersecurity tool NOC tool, and which AWS services they use.
The attack vector: A misconfiguration error left one of its servers exposed, allowing the attacker to gain access to the server and exfiltrate the data of some 6000 repositories of firm storage.
It is critical to employ robust practices of credential management, user authentication and validation around all points of access. An unprotected point of entry on a key piece of equipment like a server can lead to a breach with a cascading effect on data exposure.