Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I also worked for Twitch and can confirm what you're saying is true. These repo's any staff member had access to - including non-engineering staff.

Revenue for the longest time was as simple as navigating to a streamers dashboard as staff, but they did finally gate that away from staff who don't need to see that info, however I am sure there are other ways to obtain revenue reporting info.

I am assuming all data - including personal - has been compromised but so far, the data leaked is data that most staff would have access to in some way or another. Some may find that shocking, but this was not a "high level hack"



I'm actually very happy to hear they finally added a flag for payout access. It's been years since I was there and my eyes bugged out when I saw what I had access to without needing it.


Parent company was no different.


Why did non engineers have access to repos?


The better question is, why did random engineers have access to the financials of the streamers on the platform, without having to go through a break-glass, audited, emergency access escalation.


Allegedly it also contains AWS access keys. I feel bad for the engineers who will have to answer for this.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: