
[Computer Security Thread] Twitch compromised. Like, the whole thing.


  • JaysonFourJaysonFour Classy Monster Kitteh Registered User regular
    edited October 26
    In further Twitch news, apparently the hackers aren’t done yet:

    Twitch streamers are getting their payments from the site stolen.

    “Someone has gained access to my account, changed my pay-out from wire to PayPal and added their own PayPal,” Dakillzor explained.

    In a response to xSophieSophie, Twitch said “there is no recourse to reverse this transaction.” They also advised creating a new password and ensuring that two-factor authentication (2FA) is up to date. The streamer says 2FA was enabled, and still is, yet the payment method is still being changed.


    To me, this says they have a backdoor into the system somewhere, with administrator-level access to everything. The only way anybody’s going to trust them is to nuke the entirety of Twitch from orbit and rebuild it from scratch. At this point, I’d just go full red-alert and assume that everything was compromised, period- and nothing you submitted to Twitch is safe at this point.

  • TelMarineTelMarine Registered User regular
    JaysonFour wrote: »
    In further Twitch news, apparently the hackers aren’t done yet:

    Twitch streamers are getting their payments from the site stolen.

    “Someone has gained access to my account, changed my pay-out from wire to PayPal and added their own PayPal,” Dakillzor explained.

    In a response to xSophieSophie, Twitch said “there is no recourse to reverse this transaction.” They also advised creating a new password and ensuring that two-factor authentication (2FA) is up to date. The streamer says 2FA was enabled, and still is, yet the payment method is still being changed.


    To me, this says they have a backdoor into the system somewhere, with administrator-level access to everything. The only way anybody’s going to trust them is to nuke the entirety of Twitch from orbit and rebuild it from scratch. At this point, I’d just go full red-alert and assume that everything was compromised, period- and nothing you submitted to Twitch is safe at this point.

    There are other plausible reasons. Perhaps they have some malware on their devices that steals session cookies or whatever equivalent, which would render password changing/two factor useless.

  • V1mV1m Registered User regular
    JaysonFour wrote: »
    In further Twitch news, apparently the hackers aren’t done yet:

    Twitch streamers are getting their payments from the site stolen.

    “Someone has gained access to my account, changed my pay-out from wire to PayPal and added their own PayPal,” Dakillzor explained.

    In a response to xSophieSophie, Twitch said “there is no recourse to reverse this transaction.” They also advised creating a new password and ensuring that two-factor authentication (2FA) is up to date. The streamer says 2FA was enabled, and still is, yet the payment method is still being changed.


    To me, this says they have a backdoor into the system somewhere, with administrator-level access to everything. The only way anybody’s going to trust them is to nuke the entirety of Twitch from orbit and rebuild it from scratch. At this point, I’d just go full red-alert and assume that everything was compromised, period- and nothing you submitted to Twitch is safe at this point.

    Do Twitch do business in the EU? Because my GDPR senses are tingling! This is definitely a GDPR 4 breach and they have not effectively remedied it.

  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    Given the extent of the breach, and what was taken from Twitch, the only safe move is to assume that the entire site is compromised.

    I would presume that this won't be the last we hear about an event like this.

  • CantidoCantido Registered User regular
    So this Firewalla Gold fried my AT&T modem/router. That's fun....

  • ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    It doesn't have PoE, how did it put enough power out to fry an ISP's gateway?

  • CantidoCantido Registered User regular
    Fair enough. The modem was 3.5 years old and I had no issues until I tried to use the Firewalla.

  • JaysonFourJaysonFour Classy Monster Kitteh Registered User regular
    Here we go again.

    Robinhood breached; 7 million people affected

    Robinhood said Monday that the popular trading app suffered a security breach last week where hackers accessed some personal information of roughly 7 million users then demanded a ransom payment.


    The online trading platform said it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion.

    The company on Twitter said the "attack has been contained."


    Pretty much they’re claiming the only thing the hackers got on most of those people are real names or email addresses… but honestly I’d still lock everything down. I think there’s another shoe to fall here.

  • MugsleyMugsley Registered User regular
    When the CEO was a young boy in Bulgaria, he didn't have to worry about cybersecurity.

  • CarpyCarpy Registered User regular
    Second, on November 2 we received a report to our security bug bounty program of a vulnerability that would allow an attacker to publish new versions of any npm package using an account without proper authorization. We quickly validated the report, began our incident response processes, and patched the vulnerability within six hours of receiving the report.

    So this was buried 9 paragraphs deep in a GitHub blog about their commitment to npm security. They claim there's no indication of it being used, but they only have telemetry back to September 2020.

  • MugsleyMugsley Registered User regular
    edited November 19
    I'm SO FUCKING HAPPY I have to rely on my cable company to patch the cable router modem.

  • ShadowfireShadowfire Vermont, in the middle of nowhereRegistered User regular
    The affected list is all routers. The "modems" that are affected are gateways, so if you have a separate modem and router you should be in the clear.

  • MugsleyMugsley Registered User regular
    I do, thank God. Now to patch my router...

  • OrcaOrca Registered User regular
    edited November 19
    Lol, Apple flagged my Discord password as compromised. Did they have a breach I missed?

  • LD50LD50 Registered User regular
    Orca wrote: »
    Lol, Apple flagged my Discord password as compromised. Did they have a breach I missed?

    Probably not; instead, your password probably matched the hash of a password that is in a database of passwords that have been compromised. You should probably change it.

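
The hash matching described in the post above, sketched as an added example that is not part of the original thread and not Apple's implementation: it assumes a k-anonymity hash-prefix lookup against a small constructed corpus, and every name in it is hypothetical. A hit means the same password string appears in some leak, not that the service it was used on was breached.

```python
import hashlib

# Constructed stand-in for a breach corpus (sample values, not real leak data).
CONSTRUCTED_BREACHED = ["password123", "letmein", "hunter2", "qwerty"]
PREFIX_LEN = 5  # hex characters of the hash the client reveals to the service


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest; used here as a lookup key, not for storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Service side: bucket breached-password hashes by their leading prefix."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


def range_query(index, prefix):
    """Service side: return every suffix in the bucket.

    The service sees only the prefix, which many unrelated passwords share,
    so it learns neither the password nor its full hash.
    """
    return sorted(index.get(prefix, ()))


def is_compromised(password, index):
    """Client side: hash locally, send the prefix, compare suffixes locally."""
    digest = sha1_hex(password)
    suffixes = range_query(index, digest[:PREFIX_LEN])
    return digest[PREFIX_LEN:] in suffixes


INDEX = build_index(CONSTRUCTED_BREACHED)

if __name__ == "__main__":
    for candidate in ("hunter2", "correct horse battery staple"):
        print(candidate, "->", is_compromised(candidate, INDEX))
```
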
  • OrcaOrca Registered User regular
    LD50 wrote: »
    Orca wrote: »
    Lol, Apple flagged my Discord password as compromised. Did they have a breach I missed?

    Probably not; instead, your password probably matched the hash of a password that is in a database of passwords that have been compromised. You should probably change it.

    Already done, but I'm surprised to see it matched.

  • LostNinjaLostNinja Registered User regular
    Not sure if this is the best place to ask but it is semi-security related. Is there a way to circumvent the “Can’t connect securely to this page” web browser message resulting from a site using outdated TLS settings?

    I know it isn’t ideal, but I get it occasionally at work when trying to visit government sites that I need access to.

  • BahamutZEROBahamutZERO Registered User regular
    Complain to your IT department, probably.
