Twitch defaced with images of Jeff Bezos (Oct. 8, 2021)

Sicherheit (Pexels, allgemeine Nutzung)[German]Unknown people managed to deface the website of the streaming provider Twitch, which belongs to Amazon, on October 8, 2021. For a few hours, a number of game background images were replaced with photos of former Amazon CEO Jeff Bezos. Can Twitch's service still be considered safe?


On user reported, that images of Bezos were displayed in the pages of GTA V, Dota 2, Smite, Minecraft, Apex Legends and many other games. The following image was posted on One user writes:


It looks like every image that was there has been replaced with this image [of Bezos]. (Several games don't have images at the top of their pages – only select ones do).

What's concerning here (depending on how these were changed anyway) is that this is also the same CDN that hosts a lot of content for Twitch. Profile header images, profile pictures, emotes…. if they choose to track these, who knows what could happen today.

This change to the Twitch websites is extremely inopportune, as a major data leak was revealed this week, where Twitch's source code and a lot of other data was made available on torrent by an unknown party (see my post Twitch: Source code and payments leaked). Twitch wrote in a separate post, that the access by a third party to the data was only possible due to a misconfiguration of the server.

Since this has probably been fixed, the question is how reliable this statement from Twitch is that the reported data leak happened due to a server misconfiguration. Did the hackers get hold of access data or did they find security holes in the source code? The Verge also raises this question in this post and writes that it is unclear how they managed to share the images. In another post, The Verge writes that Twitch's security problems started long before the current event. According to sources who claim to know about internals, profit and speed have always taken precedence over user security. Security issues had been kept quiet – including a problem from 2017.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *