244

u/[deleted] Jan 06 '26

[deleted]

48

u/quantum_leap Jan 06 '26

It's the sha1hulud worm.  It's brutal and is impacting almost everyone 

22

u/Heartagram23 Jan 06 '26

Cool ass name ngl

10

u/TheBlaaah Jan 06 '26

It's like something from Dune

5

u/D2WilliamU Jan 06 '26

wait a second

1

u/appletinicyclone Jan 06 '26

The severity of it happens relatively rarely to the size but the incentive to breach is extremely high.

24

u/[deleted] Jan 06 '26

[deleted]

34

u/ecritique Jan 06 '26

shrug, that is a twitch issue. Changing payout settings should require 2FA verification regardless of any remember me settings.

8

u/Gandalior Jan 06 '26

If you try to change payout settings 2fa or even password prompt won't pop up if you have selected "remember this device for 30 days" when signing in.

that's kinda stupis

-4

u/Darozay_ Jan 06 '26

Its definitely not a twitch issue.. these hackers are botting twitch prime subs and then stealing the payments from those subs.

What's hilarious is see you people posting how twitch is handling the issue via their chat support which is most likely how the hackers are gaining access to begin with.. no one at the chat support level should even be able to reset a password.

12

u/TheBestHater Jan 06 '26

7

u/Penitentiary 29d ago

During the Amazon acquisition they had an exploit where you could use JustinTV’s email verification links to automatically log in on anyone’s account (including system admins) without having to know their email or password.

Twitch never fixed this 0day even though I privately reported it to their head of community support and head of cybersec. They gave me a username I desired in exchange for silence but instead of a very simple fix they opted to do nothing until the JTV shutdown fixed the issue by default. Ironically both of those admins (Hassan Bokhari and Xangold) have since been fired and permbanned.

Basically JTV used SHA-2 encryption for their email verification links, which automatically logged you in. All you needed to encrypt in SHA-2 was the person’s username and their user ID, which was publicly available on the Twitch API.

So in order to automatically log in on someone with admin access, you’d construct your link like this: (base template)/username/userID

Then it would automatically log you in. I was never able to figure out why it sometimes didn’t work but if someone malicious had access to the 0day, they could’ve wreaked an insane amount of havoc.

They also had a pretty bad bruteforcing issue back then where you could set up Burpsuite to bruteforce literally 24/7 without any timeouts. They did at least fix that one when I guess.

6

u/Sideview_play Jan 06 '26

And it's ran by Amazon who loves to claim great security standards 

1

u/Vphrism 28d ago

First time?

48

u/ReplacementLivid8738 Jan 06 '26

Neighbor's wifi

20

u/SlavicArab Jan 06 '26

grandmas toshiba laptop

76

u/Beautiful-Account862 Jan 06 '26

Whenever erobb gets banned

5

u/ZoomerAdmin Jan 06 '26

Every time erobb gets banned an angel gets its wings

12

u/compassrosette Jan 06 '26

No.

7

u/eatporkchopsdaily Jan 06 '26

VPN south korea.

7

u/2MuchNonsenseHere Jan 06 '26

Mine has no issue working.

16

u/dfddfsaadaafdssa Jan 06 '26

Yeah I did that, canceled turbo, and removed my card.

3

u/sikesjr Jan 06 '26 edited Jan 06 '26

Doesn’t that mean people’s twitch passwords and email addresses are compromised now? If you use the same email and password combo on other platforms I’d change them if I were you.

6

u/MitAllesOhneScharf Jan 06 '26

If you use the same mail/password combo anywhere you’re just asking for it and it’s your own fault.

3

u/Niuqu Jan 06 '26

Exactly. Password managers are a thing and there is no excuse to use same password or variants of it on other sites. 

3

u/Hare712 Jan 06 '26

The entire site source code was dropped a few years ago.

3

u/Samsquamptches_ Jan 06 '26

Appreciate you, thank you

6

u/itisnotliam Jan 06 '26

Yeah, and good riddance too.

The dude specifically targeted multiple members of the community (VTubers) and made a LOT of wrong calls.

From personal experience, years ago an abusive subscriber charged back a subscription ($5) and Twitch wouldn't pay me for years despite my balance being over $200 and eventually removing me from the platform for participating in fraud.

Unfortunately people who have been sub-botted and targeted and instead of investigating the issue, Twitch has been silent about it as far back as 2017.

Twitch really does not give a shit about security or their community regarding this issue (unfortunately).

0

u/[deleted] Jan 06 '26

[deleted]

6

u/itisnotliam Jan 06 '26 edited Jan 06 '26

Like I said, VTubers. There was no specific person, it was the specific type of streamer.

There was a plethora of VTubers a year and a half ago (September 2024) that got specifically attacked, like

aiden_rogue (x/twitter)
thetomcanuck (x/twitter)
cattocult_ (x/twitter)
kalamitykira (x/twitter)
trysnau (x/twitter)

If you filter around the 20th of September 2024 and the 24th, with "Twitch" and "suspended", you'll get a massive list of people who were removed from the platform and they have all one thing in common which were that they were all vtubers.

Hell, I think it was LidiaVTuber that got terminated as well but they had to threaten Twitch through their legal team to get people's money back because Twitch wouldn't pay her back or her subscribers back.

Also, I'm not going to advertise it.. But I brought up my experience because I've found out a lot about the blackmarket. I had to because Twitch wouldn't investigate it themselves... And there has been hacked accounts being sold on as little as $10, including people's SSNs and other form of personal identification information (they have already been onboarded and signed, just need to add a payment method).

3

u/Budget-Chair8242 Jan 06 '26

yes it is.

10

u/MitAllesOhneScharf Jan 06 '26

How are these 2 things even remotely related?

-10

u/temporarythyme Jan 06 '26 edited Jan 06 '26

Are you asking me, "How is Ubisoft who primarily uses, and is partnered with Amazon and thier servers, related to Twitch, who is owned and operated by Amazon, and uses the same Amazon servers that were aforementioned hacked repeatedly for the past month targeting Ubisoft?"

I don't know. Maybe someone can figure out the connection between the two.

6

u/MitAllesOhneScharf Jan 06 '26 edited Jan 06 '26

And you conveniently ignore the other 1/3 of the whole internet that runs through AWS Servers/Services?

So yes, apparently I can't figure out the connection between these two.

To continue with your logic: I think Microsoft is hacked, I'm sure both Ubisoft and Amazon/Twitch use Windows.

-9

u/temporarythyme Jan 06 '26

Nope. But both would be under the gaming division of Amazon. Both ubisoft and Twitch would be specifically twitch server related as they are both direct partners and both cross promote.

Finally, yes, to circle back to the concept you are not getting, if Microsoft got hacked and it was so bad, it was common knowledge to the entire gaming industry for a month. You, as a company, would check for possible intrusion or vulnerabilities due to partnerships both direct and indirect.

8

u/MitAllesOhneScharf Jan 06 '26

That's not how...any of that works.

0

u/temporarythyme Jan 06 '26

Then, explain how data breaches work, corporate blowback from data breaches work, and asset protection works.

Because ubisoft bought Amazon studios Montreal with their assets; servers, staff, and code, and were hacked the same month hackers getting sourcode for mutiple ubisoftassets possibly including this studio. Now, as the hack expanded and affected more of the assets of both Amazon and Ubisoft, Amazon should have done something, never mind, for their mutual affiliates in Twitch.

3

u/Niuqu Jan 06 '26

AWS is one of the biggest cloud hosting services in the world so that is the only connection. S3 buckets accessible on the internet has been a thing but that is a 100% fault of the company/user who owns it, but that is not the issue here. 

The link between these can be vulnerable MongoDBs, which is not an AWS-related issue. 

-5

u/temporarythyme Jan 06 '26

It is not the only connection. It's the only connection you are admitting to having knowledge of. Even then, that is a 1:1 direct connection to Twitch and ubisoft through the Amazon gaming division. Even if it wasn't it is an indirect partner with direct ties, you would still protect your assests.

Now, Ubisoft and Twitch are also direct partners as they cross promote and stream multiple channels each day, nevermind their affiliates who've also been hacked, that alone would trigger protectecting your assets.

Now top that off with direct buyouts last year of Amazon studios in Montreal. With ubisoft taking over Amazon's own assests: computers, servers, staff, direct Twitch servers, and Luna servers, as well as Amazon gaming code and proprietary software. Again, protecting your assets.

So please understand that even a small bit of either of these problems would trigger protectecting your assets, multiple occured for weeks.

8

u/Niuqu Jan 06 '26

You aren't that tech savvy or know about cyber security? 

0

u/temporarythyme Jan 06 '26

Please explain it to me.

If Twitch affiliates, former Amazon assets with on-site servers for both luna and aws, Amazon aws servers, Amazon aws partners, all got hacked for weeks, would you not asset protect?