Former Twitch employees say company consistently values ​​speed and profit over safety and security in new report • Eurogamer.net

In the wake of Twitch’s massive data breach this week – in which everything from site’s source code to streamer payments was apparently leaked – a new report accused the company of fostering a culture that values ​​”speed. and profit rather than the security of its users and the security of its data. . “

This is the claim by The Verge, whose sources suggest this week’s data breach “seemed inevitable” due to their time working at Twitch, alleging a corporate culture “where employees were very concerned about safety but management less “.

“There would be constant questions and discontent about the regular failures of moderation,” a source told the publication, noting that the company would respond to issues raised “very slowly.” As The Verge puts it, “if [a feature] was not generating income, so it was not valued as high. “

A security issue reported by staff related to Twitch’s controversial raid feature, which grabbed the headlines recently after malicious users started creating fake accounts and bots to flood the chats of often marginalized streamers, subjecting them to doxing, harassment and attacks in a practice known as “hate raid”.

Employees reportedly pointed out the potential security concerns and abuse opportunities associated with the pre-launch raids “just because of their name alone,” but management reportedly prioritized the early release of the feature rather than releasing the feature. problem resolution.

According to another source, Twitch has consistently chosen not to disclose the security issues it faced, such as an unreported 2017 security breach that allowed crooks to contact streamers and request revenue sharing from subscriptions. Twitch Prime, causing the compromised Twitch accounts to connect to Amazon. accounts – an issue that would remain a potential attack vector even now.

Twitch at least acknowledged its most recent security breach, attributing the incident to “an error in a Twitch server configuration change which a malicious third party subsequently accessed.” While the company’s investigation is ongoing, it says even though “some data” was exposed, it found “no indication” that users’ login details had been disclosed.