Twitch Data Leak – Are Platforms Doing Enough To Secure Our Data?

9 October 2021

Data Security: Recent Twitch data leak shows how confidential information can be accessible for anyone through data breaches. Are platforms doing enough to prevent this?

Three days ago, another platform and its users became victims of a data leak. This time it was Twitch, a highly popular (game-)streaming platform owned by Amazon with approximately 8.07 million active streamers/users just last month (Clement, 2021). The top streamers on the platform gather millions of viewers around the world and subsequently get paid by Twitch for providing their users with entertainment through streams. Last Wednesday, for the first time in Twitch history, confidential company information and streamers’ earnings were leaked as it became clear how much the top streamers have earned in revenue. And it was not a small leak either: BBC has reported that it was due to a massive breach of over 100GB in data (Tidy & Molloy, 2021).

2021: Record-breaking amount of data leaks?

Unfortunately, this data leak of a widely-used platform is not the first and certainly not the last. According to The Identity Theft Research Center, the number of (publicly announced) data breaches so far this year has already surpassed the total number in 2020 by 17%, with nearly 281.5 million people being affected by these breaches in 2021. There have been 1,291 breaches so far, compared to 1,108 breaches last year. The report also states that we could be headed towards a record-breaking year when it comes to the total number of data leaks, with the current all-time high of 1,529 breaches being set in 2017 (Morris, 2021).

More data = more data security?

Whether or not this year will see the most data breaches on record, it illustrates that data security is becoming increasingly important in order to prevent these breaches from happening. With the growth in data produced and collected by almost every business or organisation, the likelihood of the (increasingly valuable) data being leaked or systems being breached naturally increases. To put the increase of data into perspective: In 2010, the world created about 2 ZB (zettabytes) of digital information. Last year, this increased to a whopping 44 ZB in that year alone (Saha, 2020).

Needless to say, more data requires better data security. Especially considering the increase in breaches/leaks this year, companies should look to invest more in protecting their (users’) data. According to a cybersecurity market report, the global cybersecurity market size is projected to grow from 217.9 billion USD in 2021 to 345.4 billion USD by 2026 (MarketsAndMarkets, 2021). Although the cybersecurity market is increasing, will it be enough to significantly decrease data leaks/breaches?

Data equals money

Not only does a data leak hurt a platform’s reputation or its users’ privacy, it can also cost the concerned organization a lot of money. According to the annual Cost of a Data Breach Report, 2021 had the highest average cost in 17 years as data breach costs rose from 3.86 million USD to 4.24 million USD: “the highest average total cost in the 17-year history of this report” (IBM, n.d.). When looking at the example of Twitch, source code was leaked alongside revenue information of top streamers. Therefore, its competitors (e.g. YouTube Gaming) now have access to their rival’s source code and revenue information about the platform’s most valuable asset: their content providers. With the added privacy aspect of the leak, this might result in a significant loss of competitive advantage and thus loss of revenue for Twitch.

Discussion: is it enough?

Now that you know how much is invested in cybersecurity and how much an average data leak actually costs, do you think companies should invest even more? In addition, do you think 2021 will go into the history books as the “least safe” year for online platforms so far? And do you think this particular breach will mark the end of Twitch’s dominant competitive position in its industry?

Let me know your thoughts and perspective.

References

Tidy, J. & Molloy, D. (2021). Twitch confirms massive data breach. Available at: https://www.bbc.com/news/technology-58817658

Clement, J. (2021). Active streamers on Twitch worldwide 2021. Available at: https://www.statista.com/statistics/746173/monthly-active-streamers-on-twitch/

Morris, C. (2021). The number of data breaches in 2021 has already surpassed last year’s total. Available at: https://fortune.com/2021/10/06/data-breach-2021-2020-total-hacks/

Saha, D. (2020). How The World Became Data-Driven, And What’s Next. Available at: https://www.forbes.com/sites/googlecloud/2020/05/20/how-the-world-became-data-driven-and-whats-next/?sh=2161cb1d57fc

MarketsAndMarkets. (2021). Cybersecurity Market with Covid-19 Impact Analysis by Component (Software, Hardware, and Services), Software (IAM, Encryption, APT, Firewall), Security Type, Deployment Mode, Organization Size, Vertical, and Region – Global Forecast to 2026. Available at: https://www.marketsandmarkets.com/Market-Reports/cyber-security-market-505.html#:%7E:text=global%20Cybersecurity%20market%3F-,In%20the%20post%2DCOVID%2D19%20scenario%2C%20the%20global%20cybersecurity,9.7%25%20from%202020%20to%202026.

IBM. (n.d.). How much does a data breach cost? Available at: https://www.ibm.com/nl-en/security/data-breach

Author: Roël van der Valk

MSc Business Information Management student at RSM Erasmus University - Student number: 483426 TA BM01BIM Information Strategy 2022

Was Huawei allowing an unknown app to invade into our phones?

7 October 2019

As many of you probably know already, the Trump administration banned US companies from doing business with Huawei a few months ago. As a consequence, the Mate 30 Pro, Huawei’s latest flagship phone, was launched without Google apps due to the import ban. The phone came with a basic, open-source Android instead of the advanced Google Mobile Services (e.g. Google Play Store, Gmail and Google Maps) we are accustomed to.

However, a few months ago an anonymous Chinese company called Lzplay came up with a workaround. Through their website, you can easily download their app to gain access to Google services. Google apps should not be able to work on the Mate 30 due to the lack of system-level permissions, yet Lzplay’s method managed to make them work. This did not come without a price, however. According to John Wu, an Android security researcher, Lzplay used undocumented Huawei APIs inside the operating system that are used for device security to trick Google servers. What does this mean for your phone? After the installation of Lzplay, your Mate 30 Pro’s security is at risk, since the application has administrator rights. That means that Lzplay can easily brick your phone or install ransomware without you noticing.

According to Huawei’s documentation for the security authorization SDK, third-party developers are required to sign legal agreements and undergo a review by Huawei in order to gain access to the software development kit (SDK). Therefore, the developer of Lzplay was somehow aware of these undocumented APIs, signed the legal agreements, went through the reviews and eventually had the app signed by Huawei. It should also be noted that Lzplay was launched 3 days before the public launch of the Mate 30 Pro, which means that Lzplay was well aware of all of this before the launch and had the time to build an app, go through the review process, and launch a website. Wu suggested that Huawei is aware of the secret tools Lzplay used and explicitly allowed its existence, since this allows people to get Google Play onto devices that would otherwise have been blocked.

Last week, Wu revealed the information regarding Lzplay, and shortly after, the website of Lzplay was taken offline and the signature was remotely revoked by Huawei. Does this mean that Huawei played a part in this? It’s hard to say. According to a Huawei spokesperson, the multinational technology company has no involvement with Lzplay. It could be that Huawei created Lzplay to alleviate Google app anxiety for potential Mate 30 customers. If this was the case, then it sure did backfire on Huawei. The backdoor may be shut for now, but it could be opened again through another method, probably a more solid one than the one Lzplay offered.

References:

Amadeo, R. (2019). ‘The Internet’s horrifying new method for installing Google apps on Huawei phones’. Accessed on 7 October 2019 on https://arstechnica.com/gadgets/2019/10/the-internets-horrifying-new-method-for-installing-google-apps-on-huawei-phones/2/

Cooper, D. (2019). ‘Huawei’s Mate 30 loses workaround for installing Google apps’. Accessed on 7 October 2019 on https://www.engadget.com/2019/10/02/huawei-mate-30-workaround-lzplay-shut-down/?guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAF-jsfJEpD19GyD_nXAQn-U0-gpP1qukCY-g7MT-c7nx7eTOV_o2k3bTYi6CoLTeBDOS1_K3xhhys9OsnNdzjmrZrp7qcUacIYBP-q26AJX2LK8XiuegqjcUF0iudVPLpmCsC2Al37FZae8eKAlFkXE0UJEBUWYTcHe4npVX0gmw&guccounter=2

Huawei (n.d.) ‘安全类授权开放开发指南’ [Security Authorization Open Development Guide]. Accessed on 7 October 2019 on https://developer.huawei.com/consumer/cn/devservice/doc/30702

Phelan, D. (2019). ‘Huawei Shock: Mate 30 Pro’s Back Door To Google Apps Slams Shut’. Accessed on 7 October 2019 on https://www.forbes.com/sites/davidphelan/2019/10/01/huawei-mate-30-pro-has-the-back-door-to-loading-google-apps-just-slammed-shut/#c69d7dc76a82

Wu, J. (2019). ‘Huawei’s Undocumented APIs – A Backdoor to Reinstall Google Services’. Accessed on 7 October 2019 on https://medium.com/@topjohnwu/huaweis-undocumented-apis-a-backdoor-to-reinstall-google-services-c3a5dd71a7cd
