The massive Twitch hack last week was just the latest example of a high-profile breach that caused a frenzy in the security industry. Everyone is wondering how this could have happened, how such a large store of critical data – the source code! – could be removed without raising any alarms, how a company with Amazon-level security resources, quite literally, appeared to discover the breach only after it started spreading on 4chan.
As security professionals eagerly wait to unpack and understand the “part 2” revealed by hackers, it appears that user passwords and emails are likely to be forthcoming, although there is evidence that this data is already being discovered by researchers, according to Threatpost.
The PR nightmare for Twitch has only just begun, and the clear-text personal information of millions of users will soon reach threat actors seeking to capitalize on the mine of data published in this hack.
First of all, it goes without saying that Twitch users should change their passwords immediately and enable multi-factor authentication on their accounts if they haven’t already; it’s just good security hygiene. Twitch, for its part, reset all stream keys “Out of excess of caution” and has been able to keep its platform online throughout the crisis. In itself, this is impressive and remarkable during such a massive incident.
Ongoing changes in attack tactics
Beyond the immediately compelling parts of this story – the enormity of Jeff Bezos’ lagging creator payouts – the nature of this attack and the shift to extortion rather than a ransom demand is serious and significant.
Breached organizations that have lost control over their data no longer have the binary choice of paying for decryption keys or rebuilding from backups. It’s a signal that the calculus for businesses in times of crisis becomes exponentially more complex when a threat actor’s goal is extortion instead of a simple payment for ransomware.
Twitch won’t be the last example of this emerging and vexing tactic, one that seems to be gaining momentum.
Stay one step ahead
I’m going to give Twitch the benefit of the doubt and assume it had fairly mature security operations and incident response planning – two things businesses often underinvest in until it’s too late.
But the situation is a sobering reminder that even when an organization does everything right, there is still no 100% prevention, and threat actors only need to find a vulnerability to act. The name of the game, now, is a well-tested and well-researched plan that sets out the response your business wants when the unthinkable happens.
Who makes the ultimate decisions? What do you need to shut down and when? Who is called and in what order? It’s infinitely easier to have these discussions when it’s not a hair-on-fire situation. When the inevitable happens, the business and its response must be put to the test.
While the full scope of the Twitch hack remains to be seen, it’s an eye-opening situation everyone should study as a cautionary tale. Even mature, well-resourced systems can be penetrated, and malicious actors are eager to wreak havoc and take control of the data without locking it up with ransomware.
Businesses need to plan and be diligent in processes and documentation, and also make sure they are doing everything possible to detect and minimize the impact in order to protect themselves. They have to keep playing an unfair game that gets progressively more complicated.