Cybersecurity news headlines for October 2021

October’s edition of cybersecurity news features three stories that made headlines. In early October, it was revealed that live-streaming platform Twitch had suffered perhaps one of the biggest hacks in recent years when the platform in its entirety was leaked online. The 125GB torrent was posted on a hacking forum and included the payouts for the platform’s biggest streamers. In other news, law enforcement agencies from seven countries, with assistance from Europol, were able to arrest 150 vendors and buyers from one of the biggest, now-defunct darknet marketplaces, DarkMarket. And lastly, UK newspaper The Telegraph leaked 10TB of data after failing to secure one of its databases.

Without further ado, here’s what made the biggest headlines in cybersecurity in October 2021.

125GB of Twitch data posted on a hacker forum, exposing source code and creator payouts

In one of the most significant hacks in recent history, live-streaming platform Twitch had its entire website leaked, including its source code. What interested the general public more, though, was the earnings leak, which showed just how much money the biggest Twitch streamers are making on the platform.

On October 6, an anonymous poster uploaded a 125GB torrent on 4chan, explaining that the file contains the “entirety of twitch.tv with comment history going back to its early beginnings”. The Amazon-owned platform apparently earned the ire of the hacker for being a “disgusting toxic cesspool”.

“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the post claims.

The hacker proceeded to name what the torrent file contains:

  • Entirety of twitch.tv, with comment history going back to its early beginnings.
  • Mobile, desktop and video console Twitch clients.
  • Various proprietary SDKs and internal AWS services used by Twitch.
  • Every other property that Twitch owns, including IGDB and CurseForge.
  • An unreleased Steam competitor from Amazon Game Studios.
  • Twitch SOC internal red teaming tools.

Twitch explained that the data was exposed because of an error in a Twitch server configuration change.

“We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party,” Twitch said in an update about the breach.

According to Twitch, no passwords, login credentials, credit card numbers, or ACH/bank information was exposed.

“The exposed data primarily contained documents from Twitch’s source code repository, as well as a subset of creator payout data. We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal,” the latest Twitch update released in relation to the hack reads.

Included in the torrent were also creator payouts covering the last two years. This last part is what attracted the most attention from both the media and the general public. Even before the leak, it was not difficult to guess how much Twitch streamers were earning because many did not hide their subscriber counts. However, the leak clearly displayed the amounts, which some streamers have confirmed to be quite accurate, shocking some people with just how much money a successful career in streaming can make.

The poster called the leak “twitch leaks part one”, indicating that it’s only the first of at least a couple of leaks. It’s currently unknown whether they plan on posting any more data, though it’s only been a month since the post.

150 dark web vendors and buyers arrested by law enforcement

150 suspects have been arrested by law enforcement for allegedly buying and selling goods on DarkMarket, the then-largest illegal marketplace. DarkMarket was taken down in January 2021 during an international operation involving law enforcement agencies from Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom, and the US, with Europol providing support.

“At the time, German authorities arrested the marketplace’s alleged operator and seized the criminal infrastructure, providing investigators across the world with a trove of evidence. Europol’s European Cybercrime Centre (EC3) has since been compiling intelligence packages to identify the key targets,” Europol said in their press release.

The operation that led to the arrest of the 150 suspects was “composed of a series of separate but complementary actions” in the following 9 countries: Australia, Bulgaria, France, Germany, Italy, the Netherlands, Switzerland, the UK, and the US. The operation was dubbed Dark HunTOR.

Operation Dark HunTOR was a direct consequence of the DarkMarket takedown, as all detained suspects were either vendors or buyers on the market. A number of the suspects were considered to be High-Value Targets by Europol. They were all identified following the DarkMarket takedown.

According to Europol, more than €26.7 million in cash and virtual currencies, 152 kg of amphetamine, 27 kg of opioids, 21 kg of cocaine, 32 kg of MDMA, and over 200,000 ecstasy, fentanyl, oxycodone, hydrocodone, and methamphetamine pills, as well as 45 firearms were seized during the operation.

Italian authorities were also able to shut down two dark web marketplaces, DeepSea and Berlusconi, and arrest 4 administrators.

The investigation is still ongoing and will likely lead to more arrests.

The Telegraph accidentally leaks 10TB of data

One of the UK’s largest newspapers, The Telegraph, accidentally leaked 10 TB of data after failing to secure one of its databases. Internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers were among the data exposed. The unprotected database was discovered by researcher Bob Diachenko in September this year. He contacted the newspaper, but it took two days for them to secure the database.

According to Diachenko, the leak happened due to an unsecured Elasticsearch cluster. It remained unsecured throughout September and was accessible to anyone, with no authentication or password required.

“An investigation showed that only a small number of records were exposed – less than 0.1% of our users and we have contacted all the users to advise them. The investigation also concluded that whilst the data was exposed it was not breached other than the discovery posted by the researcher,” a statement sent by The Telegraph to Bob Diachenko reads.

It is not known whether any malicious actors took advantage of the leak. Nonetheless, The Telegraph subscribers should be extra vigilant when opening unsolicited emails, especially if they come with attached files. Users should also be wary of links in emails as they could lead to malicious or phishing sites.
