https://www.reddit.com/r/Twitch/comments/q2gcq2/over_120gb_of_twitch_website_data_has_been_leaked/
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
twitch.tv hacked, change your passwords
posted in
Off Topic
https://www.reddit.com/r/Twitch/comments/q2gcq2/over_120gb_of_twitch_website_data_has_been_leaked/
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
https://pastebin.com/LjmaPNam
ctrl f ppl u wanna see
looks like our boy b4nny grossed 80k on twitch circa 2 years ago
https://pastebin.com/LjmaPNam
ctrl f ppl u wanna see
looks like our boy b4nny grossed 80k on twitch circa 2 years ago
ctrl f ppl u wanna see
looks like our boy b4nny grossed 80k on twitch circa 2 years ago
people are really just getting shafted by taxes after receiving this payout
people are really just getting shafted by taxes after receiving this payout
i wonder how fast xQc's account got snaked and i wonder if anyone was able to do any damage with it
i wonder how fast xQc's account got snaked and i wonder if anyone was able to do any damage with it
Reerohttps://pastebin.com/LjmaPNam
ctrl f ppl u wanna see
looks like our boy b4nny grossed 80k on twitch circa 2 years ago
pastebin is 404'd
Also, I thought he would be making way less
[quote=Reero]https://pastebin.com/LjmaPNam
ctrl f ppl u wanna see
looks like our boy b4nny grossed 80k on twitch circa 2 years ago[/quote]
pastebin is 404'd
Also, I thought he would be making way less
ctrl f ppl u wanna see
looks like our boy b4nny grossed 80k on twitch circa 2 years ago[/quote]
pastebin is 404'd
Also, I thought he would be making way less
i wonder if pastebin staff actually took that down. i have never seen that before
didn't even know pastebin had staff
i wonder if pastebin staff actually took that down. i have never seen that before
didn't even know pastebin [i]had[/i] staff
didn't even know pastebin [i]had[/i] staff
glassi wonder if pastebin staff actually took that down. i have never seen that before
didn't even know pastebin had staff
Wouldn't be surprised. Pastebin have been super lame as of recent, got rid of the search function and actively went out of their way to remove pastebins that leak stuff like this
[quote=glass]i wonder if pastebin staff actually took that down. i have never seen that before
didn't even know pastebin [i]had[/i] staff[/quote]
Wouldn't be surprised. Pastebin have been super lame as of recent, got rid of the search function and actively went out of their way to remove pastebins that leak stuff like this
didn't even know pastebin [i]had[/i] staff[/quote]
Wouldn't be surprised. Pastebin have been super lame as of recent, got rid of the search function and actively went out of their way to remove pastebins that leak stuff like this
https://web.archive.org/web/20211006143529/https://pastebin.com/LjmaPNam
this works if you’re curious
https://web.archive.org/web/20211006143529/https://pastebin.com/LjmaPNam
this works if you’re curious
this works if you’re curious
https://www.twitchearnings.com/ better link. It's from aug 2019 till october 2021, so b4nny's 80k make more sense
https://www.twitchearnings.com/ better link. It's from aug 2019 till october 2021, so b4nny's 80k make more sense
The leak does not include money from donations, merch, youtube videos, sponorships etc. So in reality a lot of these streamers are even wealthier than the stats suggest.
The leak does not include money from donations, merch, youtube videos, sponorships etc. So in reality a lot of these streamers are even wealthier than the stats suggest.
Hunter_2_0who the fuck is subbing to esl_csgo
[quote=Hunter_2_0]who the fuck is subbing to esl_csgo[/quote]
[img]https://pbs.twimg.com/media/DsQlinlXQAABlQN.png[/img]
[img]https://pbs.twimg.com/media/DsQlinlXQAABlQN.png[/img]
Now let’s see how much bank he made from b4nny stickers
Now let’s see how much bank he made from b4nny stickers
Hunter_2_0who the fuck is subbing to esl_csgo
It's 99.9% ad revenue I guess, additionally they also have ads running almost all of the time when doing reruns and people still watch those too
[quote=Hunter_2_0]who the fuck is subbing to esl_csgo[/quote]
It's 99.9% ad revenue I guess, additionally they also have ads running almost all of the time when doing reruns and people still watch those too
It's 99.9% ad revenue I guess, additionally they also have ads running almost all of the time when doing reruns and people still watch those too
BloodisHunter_2_0who the fuck is subbing to esl_csgoIt's 99.9% ad revenue I guess, additionally they also have ads running almost all of the time when doing reruns and people still watch those too
Twitch ads are far more lucrative than youtube ads
[quote=Bloodis][quote=Hunter_2_0]who the fuck is subbing to esl_csgo[/quote]
It's 99.9% ad revenue I guess, additionally they also have ads running almost all of the time when doing reruns and people still watch those too[/quote]
Twitch ads are far more lucrative than youtube ads
It's 99.9% ad revenue I guess, additionally they also have ads running almost all of the time when doing reruns and people still watch those too[/quote]
Twitch ads are far more lucrative than youtube ads
RoLxqc prob had 2fa
TOTP will not protect your account in this situation, the hashed password would
TOTP relies on a secret key to be shared between the authenticator (the app on your phone) and the validator (the twitch servers), both use that key to run the algorithm (described in RFC 4226 and 6238), because of that, the secret key must be accessible in some lossless way by the twitch servers, and in the case of a compromise, you have to assume that this secret key has been compromised. Hashed passwords remain safe for a finite period of time after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
Hunter_2_0who the fuck is subbing to esl_csgo
field sum
ad_share_gross 2488615.89
sub_share_gross 25591.69
bits_share_gross 3923.25
bits_developer_share_gross 0
bits_extension_share_gross 69.96
prime_sub_share_gross 48650.59
bit_share_ad_gross 25.56
fuel_rev_gross 0
bb_rev_gross 0[quote=RoL]xqc prob had 2fa[/quote]
TOTP will not protect your account in this situation, the hashed password would
TOTP relies on a secret key to be shared between the authenticator (the app on your phone) and the validator (the twitch servers), both use that key to run the algorithm (described in RFC 4226 and 6238), because of that, the secret key must be accessible in some lossless way by the twitch servers, and in the case of a compromise, you have to assume that this secret key has been compromised. Hashed passwords remain safe [b]for a finite period of time[/b] after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
[quote=Hunter_2_0]who the fuck is subbing to esl_csgo[/quote]
[code]
field sum
ad_share_gross 2488615.89
sub_share_gross 25591.69
bits_share_gross 3923.25
bits_developer_share_gross 0
bits_extension_share_gross 69.96
prime_sub_share_gross 48650.59
bit_share_ad_gross 25.56
fuel_rev_gross 0
bb_rev_gross 0
[/code]
TOTP will not protect your account in this situation, the hashed password would
TOTP relies on a secret key to be shared between the authenticator (the app on your phone) and the validator (the twitch servers), both use that key to run the algorithm (described in RFC 4226 and 6238), because of that, the secret key must be accessible in some lossless way by the twitch servers, and in the case of a compromise, you have to assume that this secret key has been compromised. Hashed passwords remain safe [b]for a finite period of time[/b] after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
[quote=Hunter_2_0]who the fuck is subbing to esl_csgo[/quote]
[code]
field sum
ad_share_gross 2488615.89
sub_share_gross 25591.69
bits_share_gross 3923.25
bits_developer_share_gross 0
bits_extension_share_gross 69.96
prime_sub_share_gross 48650.59
bit_share_ad_gross 25.56
fuel_rev_gross 0
bb_rev_gross 0
[/code]
twiikuuHashed passwords remain safe for a finite period of time after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
https://twitter.com/cybertillie/status/1445839064733790208
Show Content
lol
[quote=twiikuu]Hashed passwords remain safe [b]for a finite period of time[/b] after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
[/quote]
https://twitter.com/cybertillie/status/1445839064733790208
[spoiler]lol[/spoiler]
[/quote]
https://twitter.com/cybertillie/status/1445839064733790208
[spoiler]lol[/spoiler]
negasoratwiikuuHashed passwords remain safe for a finite period of time after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
https://twitter.com/cybertillie/status/1445839064733790208
Show Contentlol
All this code shows is that all the passwords are stored with bcrypt now. Before using bcrypt they used SHA1 hashes with a salt pepper :(. Those are relatively easy to crack because SHA1 hashing is very very fast.
Sadly, they seemed to have used a single salt (so actually a pepper) for all passwords:
// SHA1Salt is the single salt used for all pre-BCrypt passwords
SHA1Salt = "theleakedcodecontainsthepepper"
// PasswordCutoffTime is the last time we reset passwords. Passwords older than this timestamp must be reset
PasswordCutoffTime = 1427025600 // March 22, 2015, never forgetIf you logged in since March 2015, you'll have reset your password and it should no longer be stored as salted SHA1.
If a database ever leaks with the salted SHA1s still in them, it would be trivial to crack all those old passwords.
[quote=negasora][quote=twiikuu]Hashed passwords remain safe [b]for a finite period of time[/b] after a compromise because the actual password isn't stored anywhere, and the only way to get in is to crack it using a large amount of computer power.
[/quote]
https://twitter.com/cybertillie/status/1445839064733790208
[spoiler]lol[/spoiler][/quote]
All this code shows is that all the passwords are stored with bcrypt now. Before using bcrypt they used SHA1 hashes with a [s]salt[/s] pepper :(. Those are relatively easy to crack because SHA1 hashing is very very fast.
Sadly, they seemed to have used a single salt (so actually a pepper) for all passwords:
[code]// SHA1Salt is the single salt used for all pre-BCrypt passwords
SHA1Salt = "theleakedcodecontainsthepepper"
// PasswordCutoffTime is the last time we reset passwords. Passwords older than this timestamp must be reset
PasswordCutoffTime = 1427025600 // March 22, 2015, never forget[/code]
If you logged in since March 2015, you'll have reset your password and it should no longer be stored as salted SHA1.
If a database ever leaks with the salted SHA1s still in them, it would be trivial to crack all those old passwords.
[/quote]
https://twitter.com/cybertillie/status/1445839064733790208
[spoiler]lol[/spoiler][/quote]
All this code shows is that all the passwords are stored with bcrypt now. Before using bcrypt they used SHA1 hashes with a [s]salt[/s] pepper :(. Those are relatively easy to crack because SHA1 hashing is very very fast.
Sadly, they seemed to have used a single salt (so actually a pepper) for all passwords:
[code]// SHA1Salt is the single salt used for all pre-BCrypt passwords
SHA1Salt = "theleakedcodecontainsthepepper"
// PasswordCutoffTime is the last time we reset passwords. Passwords older than this timestamp must be reset
PasswordCutoffTime = 1427025600 // March 22, 2015, never forget[/code]
If you logged in since March 2015, you'll have reset your password and it should no longer be stored as salted SHA1.
If a database ever leaks with the salted SHA1s still in them, it would be trivial to crack all those old passwords.
Please
sign in through STEAM
to post a comment.