Although the platform claims that it has no evidence that access credentials have been stolen, cybersecurity experts recommend activating two-step authentication to avoid problems
No one is invulnerable on the Internet, no matter how large the institution or company on duty is. Twitch , one of the most important streaming platforms in the world, has suffered a cyberattack that, so far, has exposed the source code of the website, information about its versions for mobile devices, desktop systems and consoles and payments to creators, among other things. In total, the leak is 125 GB of data , however, to date only the first part could have been shared, according to the user who shared the information package yesterday on the 4Chan anonymous message forum.
Twitch has acknowledged the attack in a statement stating that the theft occurred due to “an error in a server configuration change” that allowed a malicious user to access the data. The platform, however, is still investigating the scope of the attack. Likewise, it points out that there is no evidence that user accounts have been compromised and recalls that “it does not store the full numbers of the credit cards, so the full numbers of the credit cards were not exposed.”
As Josep Albors, head of research and awareness at the cybersecurity company ESET, explains to ABC, a failure in a configuration change can be of various types. «If they have not implemented the security measures, testing can reach the information. It is not something generic, we could be talking about a lack of security patches that allow unauthenticated access or an error that allows you to access with administrator permissions and move through the files. The description they have given is very generic, “says the expert.
Beware of scams
Albors explains that the information shared so far is already quite succulent and is concerned about the possibility of more parties . In addition, it warns about the possible malicious uses that other cybercriminal groups may give the attack: “Although user credentials have not been leaked, we have seen in previous leaks that they have a very large echo than other criminals, who have had nothing to do with it. , try to profit from cyber scam campaigns ».
These scams would consist, according to the head of investigation, in email campaigns in which criminals would impersonate Twitch itself through email messages “to request credential changes.” Something that, indeed, is quite common on the internet.
ESET highlights that, although there is no evidence that credentials have been leaked, it is a good idea for users to take the opportunity to make changes to the password and replace it with a more appropriate one . It is also remembered that it is important not to use it on several platforms, to limit the access of cybercriminals in the event of a leak and, above all, to activate the double authentication factor . “That is the most important thing, the double authentication factor is something that you have on your mobile. When the cybercriminal is active, he needs two things to access your account, and that makes it much more complicated, ”says Albors.
To activate it, the user only needs to go to the configuration section of their Twitch account, select the option to edit the Two-Step Authentication and activate the authentication options they want, either through an application, SMS message or both (which would be the most recommended option).