Former Twitch employees say company routinely valued speed and profit over safety and security in new report

Massive data breach "seemed inevitable".

Following this week's massive Twitch data breach - in which everything from site source code to streamer payouts were apparently leaked - a new report has accused the company of fostering a culture that values "speed and profit over the safety of its users and security of its data."

That's the claim made by The Verge, whose sources suggest this week's data breach "seemed inevitable" based on their time working at Twitch, alleging a company culture "where employees were very concerned about safety but management less so."

"There would be constant questions and discontent about the regular moderation failures," a source told the publication, noting the company would respond to issues raised "very slowly." As The Verge puts it, "If [a feature] wasn't generating revenue, then it wasn't valued as highly."

One safety concern flagged by staff related to Twitch's controversial raid feature, which has been in headlines recently after malicious users began setting up dummy accounts and bots to flood the chats of often marginalised streamers, subjecting them to doxing, harassment, and attack in a practice known as "hate raiding".

Employees are said to have highlighted potential safety issues and opportunities for abuse relating to raids prior to launch "just by virtue of their name alone", but management reportedly prioritised releasing the feature quickly over addressing concerns.

According to another source, Twitch has routinely opted not to disclose security issues it has faced, such as an unreported security flaw from 2017 that enabled scammers to contact streamers and request revenue sharing from Twitch Prime subscriptions, resulting in Twitch accounts being connected to compromised Amazon accounts - an issue said to remain a potential attack vector even now.

Twitch has at least acknowledged its most recent security breach, blaming the incident on "an error in a Twitch server configuration change that was subsequently accessed by a malicious third party". Although the company's investigation is ongoing, it says that while "some data" was exposed, it has found "no indication" user login details have been leaked.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. Read our policy.

Jump to comments (19)

About the author

Matt Wales

Matt Wales

Reporter

Matt Wales is a writer and gambolling summer child who won't even pretend to live a busily impressive life of dynamic go-getting for the purposes of this bio. He is the sole and founding member of the Birdo for President of Everything Society.

Related

Overwatch's McCree will be renamed Cole Cassidy next week

Amid fallout from Activision Blizzard lawsuit.

Streamer Valkyrae faces backlash for new gamer skincare range

UPDATE: Valkyrae has now responded to the criticism.

Feature | What we've been playing

A few of the games that have us hooked at the moment.

Feature | Eve Spectrum review: the best HDMI 2.1 gaming monitor?

Two months with a crowd-designed 4K 144Hz display.

You may also enjoy...

Overwatch's McCree will be renamed Cole Cassidy next week

Amid fallout from Activision Blizzard lawsuit.

King games portal which birthed Candy Crush to close after 18 years

After lengthy investigation by Paypal finally concludes.

Feature | Eve Spectrum review: the best HDMI 2.1 gaming monitor?

Two months with a crowd-designed 4K 144Hz display.

Next Sony State of Play on 27th October

Focusing on third-party releases.

Supporters only

Comments (19)

Hide low-scoring comments
Order
Threading
Eurogamer.net

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Eurogamer Merch
Explore our store