
The fallout from the Twitch hack

Hi everybody, Matt Day here. The hack of Amazon's Twitch is very bad optics, but first…

Today's top tech news: 

"They Sony-ed the heck out of Twitch"

The hack of Amazon.com Inc.'s Twitch streaming service was bad. How bad, we don't know yet. 

The leak contained source code for Twitch's applications, some hints at an unreleased project as well as data on payouts to the platform's most popular streamers. 

The company is still sorting through what was lost and how it happened, and the anonymous hacker who dumped the files on an online message board suggested more may be coming.

All that is tantamount to one of the most deeply embarrassing hacks in recent memory. "They Sony-ed the heck out of Twitch, and dumped absolutely everything," said Tim Medin, chief executive officer of Red Siege, which helps test the cybersecurity defenses of other companies. He's referring to the Sony Pictures hack back in 2014, which swiped data to humiliate the film studio for making a comedy about an assassination plot against North Korean leader Kim Jong Un. 

And for the anonymous person or people who dumped Twitch's data online, the motivation was clearly personal: They said they wanted to foster competition in online streaming, and called Twitch's community "a disgusting toxic cesspool." 

But the fallout won't be contained to just Twitch. The hack was so explosive that parent company Amazon may feel some blowback too. 

Not only does Amazon own Twitch, it's also the operator of Amazon Web Services, the industry-leading cloud computing firm whose data centers host troves of sensitive corporate and government information, and which runs a tight enough ship that U.S. spy agencies trust it with their data. 

Emmett Shear, Twitch's chief executive officer, reported for years to AWS boss Andy Jassy, who is now Amazon's CEO. (Earlier this year, responsibility for Twitch shifted to Jeff Blackburn, who leads a potpourri of Amazon entertainment businesses.)

"Given Amazon's status as an industry leader in cloud technology, we would have assumed that it was also the most secure," analysts with Raymond James wrote in a note to clients about the Twitch hack. "We are unsure how any individual could have pulled off a breach of this magnitude without getting caught unless it was quite literally Jeff Bezos himself (we are not making that claim)." 

There's nothing to suggest that this hack was anything that exciting. In a brief post on its blog late Wednesday night, Twitch said data was exposed to the internet "due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party." 

That could be something as simple as putting a device on the internet that wasn't supposed to be there, or removing password protection on a part of an application. 

"Twitch had a misconfigured server which was accessed by an unauthorized third party," an AWS spokesperson said by email. "This had nothing to do with the operation of AWS Services; AWS operated as expected." Twitch, which says it doesn't store customer credit card data, didn't respond to messages seeking comment. 

Some Amazon subsidiaries operate as more or less freestanding companies. Whole Foods Market and audiobook maker Audible get a good degree of freedom to chart their own course. Since the 2014 acquisition of San Francisco-based Twitch, the company has talked publicly about moving some of its services to AWS, but it also continues to operate its own proprietary technology. 

"Twitch runs its own security team with its own processes," said a former information security official at Twitch, who asked for anonymity because they lack access to details of this particular hack. "While they use AWS's tools, there was very little integration above that level." 

AWS requires that its clients accept its "shared responsibility model." The company will make sure its software is sound and secure. But the customer is responsible for using it correctly. AWS salespeople sometimes make an automotive analogy: Ford will build you a pickup, but if you put the gas pedal down and slam into an office building, that's on you, not Detroit.

The question Amazon will contend with as Twitch picks up the pieces is how much damage might have been avoided if the company had more tightly embraced its hip, gamer-focused subsidiary. And whether it will adopt a closer, more protective partnership going forward. —Matt Day

If you read one thing 

A look inside the wild search for the $69 million supposedly backing Tether, the stablecoin at the center of the global cryptocurrency trade, and in the crosshairs of U.S. regulators and prosecutors.

Here's what you need to know 

Microsoft will allow more repair shops after activist protests.

Apple appointed a new treasurer as part of a wave of new executive promotions.  

Intel rules out a U.K. chip factory because of Brexit.
