Seven Twitchfranceschibicchieraivice – Former Twitch employees shared details of the hack the company suffered in 2014 and how its approach to security evolved. It was discovered eight months before. The company refused to disclose details of the hack. Experts say hackers potentially accessed call metadata (caller ID, location) and SMS content.
Table of Contents
Twitch data leak reveals fragments of previous “Urgent Pizza” hacking incident
In 2014, the site experienced a significant hack. Recently, Twitch experienced a substantial hack in which the source code was made public. That is not, however, the first hack on the streaming service. Oddly, there are references to pizza in the stolen source code, as reported by Waypoint.
These have to do with remnants of a 2014 hack that prompted Twitch to redo its infrastructure completely. The Waypoint report states that in 2014, suspicious logs—left behind by hackers—were found in the code. Since Twitch had few, if any, specialized cybersecurity experts, the infiltration prompted a thorough investigation involving practically all personnel. One former worker reported putting in twenty hours a day for two months.
The incident was named “Urgent Pizza” by the Twitch leadership, who even printed t-shirts using the moniker.
“Urgent Pizza,” But why?
The event was called ‘Urgent Pizza’ because management had everyone do ridiculous overtime and ordered pizzas as an incentive,” said a former Twitch employee to Motherboard. Participants were given t-shirts and ‘joked’ about taking PTSD due to long working hours and a lack of knowledge of the hack’s extent, which required an entire company reconstruction.
Twitch had to rebuild its code because its servers were compromised; it was later recorded as “garbage” as the data was gradually migrated to the new servers.
The code in the recent leak includes references to the “Urgent Pizza” event, with code sequences such as “pizza item,” “remove pizza script,” and “show server is ‘clean of urgent pizza.” ‘”, “move pizza for secure. Login” and “dirty_status = True.
Before the hackers were discovered, they had so much access that they had to start over from the beginning
The remnants of the hack, which are still available today and can be found in Twitch’s source code, were stolen and dumped online by hackers last week in another critical data breach that exposed streamers’ earnings on the platform and internal source code. Twitch has changed a lot since 2014. However, former employees say the first hack had knock-on effects that can still be seen today. Twitch has not disclosed the details or extent of the breach outside of the company.
Therefore, Twitch users would only discover the breach six months after its discovery, on March 23, 2015. When the company issued a brief blog post explaining that “there may have been unauthorized access to some of the user’s account information.” Twitch. , but he did not allow it. About how damaging the hack was to Twitch inside.
Inside the company, the 2014 event would later be codenamed “Quick Pizza” and became a running joke; Twitch management printed t-shirts with the name. (The company also decided that all future events would have food-related codenames and wrote a random codename generator for them, according to the source and code produced in the 2021 event).
In the early days of Twitch, the security team was there, but it seemed to stretch thin
When former Twitch employees who spoke to Motherboard discovered the leak, some were surprised, and others were not.
However, some former employees say the damage from this latest data breach appears to be less severe than the hack of 2014. And that’s likely because Twitch has taken security more seriously since then.
Twitch has had a bad habit of hiring tons of new employees to build new products without growing teams around them, like security,” said one source. “I think they understood they had to begin entrancing this seriously in Amazon’s eyes. It’s gotten better over time. Tighter access controls, more security focus on the internal equipment used, things like that.”
Another echoed that sentiment
“But things were much better when I left. While this is a much bigger hack in terms of impact on the technical side of the business. The company’s security posture is probably mature enough to make remediation a much better process, ” they said. “It’s still very awkward, but the thinking I’ve understood about access has made the range of growth much lesser. Because while it means some serious security audits of almost all of Twitch’s code, it doesn’t have to be a company-wide, extra-months type of situation.”
But in the end, Twitch is now investigating another data breach, six years after the worst hack in its history. The security team did everything they could,” said a former employee. “So it’s annoying to see belongings get to this point.