Another cool leak from 4chan, this time it’s Twitch. From what I can see so far it’s a legit leak.
We bring to you today an extremely poggers leak: Twitch is an American video live streaming service that focuses on video game live streaming, including broadcasts of esports competitions, operated by Twitch Interactive, a subsidiary of Amazon.com, Inc. Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories, including: Entirety of twitch.tv, with commit history going back to its early beginnings Mobile, desktop and video game console Twitch clients Various proprietary SDKs and internal AWS services used by Twitch Every other property that Twitch owns including IGDB and CurseForge An unreleased Steam competitor from Amazon Game Studios Twitch SOC internal red teaming tools (lol) AND: Creator payout reports from 2019 until now. Find out how much your favorite streamer is really making! Torrent (128GB): magnet:?xt=urn:btih:N5BLZ6XECNEHHARHJOVQAS4W7TWRXCSI&dn=twitch-leaks-part-one&tr=udp%3A%2F%2Fopen.stealth.si%3A80%2Fannounce Repository listing: https://dpaste.org/MvoM Jeff Bezos paid $970 million for this, we're giving it away FOR FREE. #DoBetterTwitch
For the pervs interested:
Amouranth: $92.949 on September 2021
Pokimane: $38.217 on September 2021
moonmoon: $83.685 on September 2021
pestily: $105.107 on September 2021
shroud: $96.359 on September 2021
moistcr1tikal: $117.959 on September 2021
and many more.
BREAKING NEWS: I looked inside the archives and you wouldn't believe what I found!
// General settings $team_id = 'T1YRBFJNT'; $admin_room_id = 'G1ZFUGXU6'; $general_room_id = 'G1ZG2HADB'; $allowed_tokens = array('XfnQ3d4iSmMgLYdC9W8HBKx4' /* /duty */, 'TYccA5utJfqk85Oumbiz02T2' /* /duty2 */, 'WXYoS0AI6H6Zv1DKa3G6cvzZ' /* /time */); $bot_token = 'xoxb-68273290868-dP6DCcKLbCIAarY84IrK8bh9'; // Connect to DB to do our stuff $mysqli = new mysqli('leviathan-mysql-prod.cjmd1imzurdd.us-west-2.rds.amazonaws.com', 'slack_reminder', 'UqM6x9AB9jkjpnO9', 'slack_reminder');
// Open the SQL connection db, err := sql.Open("mysql", "chatlogs:F8xB9NDMSw1KTldF@tcp(leviathan-chatlogs-mysql-prod.cjmd1imzurdd.us-west-2.rds.amazonaws.com:3306)/chatlogs?charset=utf8mb4,utf8")
$DESK_API_DOMAIN = 'https://help.twitch.tv'; $DESK_API_KEY = 'QIpVTAyrppviIfEKg5Nj'; $DESK_API_SECRET = 'fM3KQ8MUovELgKofqA4l4HVZgdnSIJxrb1S9Ht1E';
database: leviathan username: leviathan password: QPOlnPlhyu5865sh host: 'leviathan-mysql-prod.cjmd1imzurdd.us-west-2.rds.amazonaws.com' port: 3306
$mysqli = new mysqli('betterdesk-mysql.cunim1xnmwzu.us-west-1.rds.amazonaws.com', 'twitch_reports_write', 'QjghE4wuAN8CP55g', 'twitch_reports');
and many many many others. Maybe they should use their own Secret Surfer (
security/secretsurfer) to scan their own repos for secrets? Just thowing some ideas, I don’t know.
# Secret Surfer Secret Surfer is a tool to scan the history of a Git repository for secrets. It uses a combination of pattern matching and entropy with the goal of keeping the signal-to-noise ratio high and false positive figure low. It can additionally check if a given secret is still active for certain types (including AWS access keys). What makes it unique is its speed. It can scan very large repositories in minutes. As a single example, Twitch's Puppet repository (which has close to 70 thousand commits) can be scanned in under 2 minutes. Speed scales up with more CPU cores, so throwing more compute at it will make it faster (probably with diminishing returns above 40ish cores). It's a very new tool and still has some rough edges. These will be incrementally improved over time.
Internal hosts exposed
and many others.
I have a year old stalker who we’ve reported on his throwaway accounts - you do nothing. He has done things in real life, but since you don’t care, I won’t bother explaining that he has hacked my Amazon account, added himself to payees, stolen mroe than one payment from AdSense, and comes in nightly. THANKS
Stalked me on line and real life for over the past 2 years, made multiple accounts to get around bans, even if I got his account banned he could just change his IP and make another. He started off with minor harassment (troll accounts, rude comments, DDosing and death threats). He had my IP through Skype (which is not possible any more to my knowledge) and with this he found out my location. After about a year of DDosing and stalking he decided to bring the harassment to real life by ordering pizza to my house everyday for 2 weeks and threatening to call a bomb squad to my house. He also claimed he would come to my house and murder me so this drove me to stop streaming, this was at the end of 2015 and I haven’t streamed since.
not a stream that goes by that I’m not attacked or criticized constantly for my weight. No one at twitch seems to give a remote crap either :/
Personal attacks do not phase me. They have become…tolerable somewhat because I know they will not seize. Every broadcaster will experience ‘harassment’ in some way shape or form. I understand, accept and move on from this fact. However, people have attacked my family and loved ones on social media; I have personally had my safety threatened. I do keep my personal life detached from broadcasting but it is not enough. I do not feel inclined to file reports about these incidents because they simply do not hold weight. They are hollow threats made by otherwise non-hostile people. But they exist nonetheless.
I’m a disabled streamer and I receive a lot of mocking and bullying comments in the Twitch chat. The comments range from “When are you going to die” “I hope he dies soon”. Other comments mock my Wheelchair or oxygen tubes. This occurs every steam.
I have had people in my chat asking if they can cum in my beard and also a couple death threats in the last year
Rape and death threats, sexual harassment, same old
This stuff is sickening and Twitch, Amazon and Jeff Bezos should be ashamed of themselves.
Top 10000 gross earnings
From August 2019 to October 2021, (originally from here, removed now, local mirror, mirror, local mirror in CSV format, mirror in CSV format).
A small table (for obvious reasons) of the top 100.
To get the UserID from the Username, use https://api.ivr.fi/twitch/resolve/USERNAME, for example, to get Asmongold’s UserID you visit https://api.ivr.fi/twitch/resolve/Asmongold.
vegan homo lgbt gay queer lesbian islam black trans gender muhammad kid mexican mom allah mother child women man minor god dio jesus buddha muslim girl boy white brown indian dad father disable autism latin jew blm george floyd zimmerman wife wives husband daughter son lives matter china chinese mum baby babies minority minorities aids autistic kindergarten africa america
If you cross-reference the IP addresses from the
security/notebooks/unmanaged_devices_v2.0.ipynb file with the IKnowWhatYouDownload website, you get some “cool” info. It’s not really precise (some clients give fake info to DHT) so there is that.
The leak seems to have come from
git.xarth.tv because many of the files inside
twitch.zip/docs reference this domain. Goes to Amazon Midway Auth when visited in a web browser.
For some reason all internal Twitch developers use
Also, a dataset of users with ‘unmanaged devices’ connecting to the Twitch VPN can be found inside
security/notebooks/unmanaged_devices_v2.0.ipynb and there is a chart there that plots the platform of those users.