Tag Archive for: Twitch

Roblox, Twitch allegedly targeted by ransomware cartel

/in


Roblox and Twitch data allegedly got into the hands of the notorious ALPHV/BlackCat ransomware cartel after attackers supposedly breached an accounting software provider, Tipalti.

ALPHV ransomware posted Tipalti, a Canada-based accounting software fintech, on its dark web blog, used to showcase the gang‘s latest victims. Somewhat unusually, the ALPHV immediately resorted to extorting the victim‘s clients. The move is likely meant to encourage ransom negotiation.

Cybercrooks claim they breached Tipalti in early September and managed to remain undetected for months, allegedly exfiltrating over 265 GB of sensitive company data, including information on its employees and customers.

We reached out to Tipalti, Roblox and Twitch for comment but did not immediately receive a reply.

Tipalti Roblox
Post on ransomware gang’s dark web blog. Image by Cybernews.

Tipalti’s website claims the company provides accounts payable, procurement, and global payments automation software for businesses. Besides Roblox and Twitch, Tipalti lists X (formerly Twitter), GoDaddy, National Geographic, Business Insider, SkillShare, Canva, and others among its clients.

In an unusually long post on its dark web blog, ALPHV insisted it would target Tipalti, Roblox, and Twitch. The gang’s strategy appears to threaten Tipalti to publish data of its other customers and use recognizable brands such as Roblox and Twitch as an example.

“We remain committed to this exfiltration operation, so we plan to reach out to both these companies once the market opens on Monday as we believe we will have an even greater amount of data by then,” attackers said.

ALPHV threatened Roblox, the popular game platform and game creation system, separately, claiming it will “individually extort affected parties such as their creators,” as the supposed Tipalti breach revealed data on creator tax documents.

In early July 2022, a threat actor breached an employee account of Roblox Corporation and posted a cache of internal documents online. The hacker has already released a 4GB archive of internal documents to the forum post for public viewing.

Who is ALPHV/Black Cat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021….

Source…

Twitch downplays this month’s hack, says it had minimal impact

/in


Twitch downplays this month's hack, says it had minimal impact

In an update regarding this month’s security incident, Twitch downplayed the breach saying that it had minimal impact and only affected a small number of users.

“We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” Twitch said.

The company also stated that no login credentials or full credit card numbers/payment data belonging to users or streamers were exposed following last week’s massive data leak.

“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch added.

Data exposed in the incident and leaked on the 4chan imageboard primarily contained documents from Twitch’s source code repository and a subset of creator payout data.

As explained in previous updates issued after the attack, the attackers could gain access to data due to a faulty server configuration change that exposed it to the Internet.

125 GB of source code and payment reports stolen

Although Twitch hasn’t revealed what servers were misconfigured, the unknown individual behind the leak said the data was allegedly stolen from roughly 6,000 internal Twitch Git repositories.

“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the anonymous poster said.

Image: BleepingComputer

According to the 4chan user, the archive leaked on the imageboard contained the following Twitch info:

  • The entirety of twitch.tv, with commit history going back to its early beginnings
  • Mobile, desktop, and video game console Twitch clients
  • Various proprietary SDKs and internal AWS services…

Source…

The DeanBeat: Twitch hack exposes more industry secrets

/in


Join gaming leaders online at GamesBeat Summit Next this upcoming November 9-10. Learn more about what comes next. 

Perhaps the lesson of the leak of a trove Twitch‘s data, source code, and internal tools is that we can expect this to happen to just about everybody in the industry. And one of these days, perhaps we won’t have any secrets left.

This week, hackers disclosed that they had penetrated Twitch’s security and had access to just about all of its secrets and they would disclose those secrets. We don’t know if they’re trying to extract blackmail payments from Twitch, but that might be a logical assumption.

Among the secrets that leaked was a list of how much money the top streamers on the livestreaming service made in subscription revenue.

The list showed that 81 Twitch streamers have made more than $1 million on Twitch since August 2019. At the top was Critical Role, a team of voice actors who stream their Dungeons & Dragons gameplay. They made $9.6 million from Twitch payments in the past two years. Making more than $5 million since August 2019 was FaZe Clan co-owner and Call of Duty streamer Nickmercs. All of the top 25 made more than $2 million each over the two years. The BBC reported that a few streamers confirmed that the figures are accurate.

Webinar

Three top investment pros open up about what it takes to get your video game funded.

Watch On Demand

This doesn’t include the money the streamers make on other platforms such as YouTube or how much they make with merchandise sales, sponsorships, and external donations. But the leak did reveal that Twitch takes a 50% share of creator earnings. That’s a pretty big cut considering those creators bring in the 2.5 million concurrent users to Twitch every day.

Above: Hackers, whistleblowers, and ransomware thieves seem like they are winning.

Image Credit: Getty Images

Twitch confirmed the hack was real. It said the data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party….

Source…

Movers and Shakers: Twitch, Ogilvy, Merkle, Uberall and more

/in


The mobile marketing industry is ever-changing, and that applies to the people as much as the technology. Movers & Shakers is our regular feature following the hottest hires in the industry, so you can keep track of who’s joined which company, and what they’re doing there.

(L-R) Constance Knight, Rahul Titus, Victoria Day, Dan Wigley, Veronika Gorkina, and Laurence Capdeville 

Twitch recruits Knight 
Live streaming service, Twitch has appointed Constance Knight as VP, Global Creators. 

Most recently Knight was the Global Head of Video Curation, Short Form Content at Instagram where she drove curation strategy, advised on product and partnership development, and managed the editorial team for Facebook’s newly launched video platform, Instagram Reels.

Prior to Instagram, she spent over 8 years at Youtube where she was responsible for leading strategic growth initiatives for content creators and media partners across multiple content verticals and communities at YouTube. Before transitioning into digital media, Constance was VP and Head of Home Entertainment at Viacom’s BET Networks. Constance began her professional career in financial services at Credit Suisse in NYC and Edinburgh Fund Managers in Edinburgh, Scotland and London, England.

Ogilvy makes two promotions 
Integrated creative network, Ogilvy UK has promoted Rahul Titus to Head of Influence across UK & EMEA and Victoria Day to UK Managing Director for Advertising. 

In his new role, Titus will be in charge of setting the strategic direction of the Ogilvy influence proposition across the UK and EMEA. He will help unlock the best of Ogilvy’s talent through creative-first, data-driven influencer campaigns covering the full spectrum from celebrities all the way to micro-influencers.

Before joining Ogilvy, Titus set up and ran MediaCom’s global influencer offering and has also served as Director of Social Talent at the YMU Group (formerly James Grant) looking after some of the world’s leading social-first talent.

Day previously held the role of Managing Partner & Head of Account Management at Ogilvy. Victoria joined Ogilvy in 2018, as MP on the flagship Boots account, later adding the award…

Source…