Twitch bug may have exposed some users messages to others

A glitch in the live streaming platform Twitch may have exposed some of its users’ private messages to other users. The company is notifying affected users.

The live streaming platform Twitch warning users that a glitch may have exposed some of their private messages to other users.

The company sent out the notifications to some broadcasters informing them that a software bug could have changed access permissions to older messages allowing other users to download them and read them.

The flaw affected recently removed a feature dubbed Messages that have exposed some the messages.

“I reached out to Twitch for a comment, and a company spokesperson says that it has fixed the bug. It also explained that most of the exposed messages were promotional announcements that went out to everyone who subscribes to certain channels. But it’s possible that this also affected private communications featuring more sensitive information as well.” reported VentureBeat.

Copy of the email sent by Twitch obtained by Bleeping Computer

“In May, we removed a legacy feature called Messages and provided users the ability to download an archive of past messages. Due to a bug in the code that generated the message archive files, which has since been fixed, a small percentage of user messages were included in the wrong archives.” reads the statement from Twitch’s spokesperson.

“The primary use case for Messages was promotion; streamers sending out mass communication to subscribers for example, and the majority of messages that were unintentionally provided to another user fall into that category. We have notified users via email and provided them the affected messages for review. Protecting our users’ privacy is important to us and we have taken actions to ensure this kind of error does not happen in the future.”

According to Twitch, the bug only affected the Messages feature, and there were no private messages sent via the Twitch Whisper systems included in these archives.

Twitch users can discover if their messages were accidentally exposed by visiting the website twitch.tv/messages/archive.

Searching on Twitter it is possible to find messages of Twitter users that found messages in their archive belonging to other users.

Anyway, Twitch sent a warning message to all affected users.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Securi ty Affairs – data leak, privacy)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.