Are our datasets encrypted, with the keys provided to those with demonstrated access and only when that access is necessary?.
Does Klein’s observation on ease of access trumping security apply?.Are the crown jewels that I am tasked to protect adequately protected?.Since then, it’s been radio silence on the Twitch blog front.
#Least privilege access update
The service forced an update of all users’ stream keys on October 7.
An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios. “Every other property that Twitch owns” including IGDB and CurseForge. Proprietary SDKs and internal AWS services used by Twitch. Mobile, desktop, and console Twitch clients. The entirety of Twitch’s source code with commit history “going back to its early beginnings”. What exactly went out the door and onto 4Chan? According to Video Games Chronicle, which first reported on the breach, the following data sets were exposed: Thank you for bearing with us.” In an October 6 blog post, the company blamed “an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.” Thus, Twitch pointed the finger for the posting of the 125GB of sensitive internal information to an external third party and not toward a malevolent insider. We will update the community as soon as additional information is available. Our teams are working with urgency to understand the extent of this. Twitch, via a Tweet, acknowledged the breach, “We can confirm a breach has taken place. 
No company wants to see its crown jewels exposed to the elements, yet this is what happened to the Amazon-owned online streaming platform Twitch on October 6 when 125GB of its data was posted on 4Chan.
0 kommentar(er)
