American video live streaming service Twitch says an “error” caused the unprecedented leak that posted vast amounts of sensitive data online this week.
The data appeared to include Twitch’s internal code and documents, as well as the payments made to thousands of top streamers.
Twitch now says the breach was caused by a “server configuration change” that “exposed” some data.
But it has not confirmed if all the data posted online is genuine.
The Amazon-owned company said the breach had involved “a Twitch server configuration change that was subsequently accessed by a malicious third party”.
“As the investigation is ongoing, we are still in the process of understanding the impact in detail,” it said.
The leak took the form of a torrent file posted to online forums by an anonymous user.
Its file structure contains folders labelled as containing payout information, business documents, under-the-hood software files and code, and even details of unreleased projects.
And the payouts folder contains what appear to be records of payments made to thousands of the biggest streamers on the platform over two years – showing many of the biggest brands are earning millions of dollars.
The download released online is also labelled “part one” – suggesting there may be more material yet to be posted to the internet.
Twitch said in a statement that the leak had:
- had “no indication” login details were compromised “at this time”
- did not store users’ credit-card information, so that kind of financial information could not have been exposed
- was resetting all users’ stream keys to secure broadcast