Probing these issues with Digital Journal is expert and senior security researcher for DomainTools, Chad Anderson.
Beginning with the Twitch issue, Anderson notes that the scale of the problem is huge: “This data breach is huge and reveals not only user accounts and hashes passwords, but full source code and Amazon’s future direction for the company as the leak contains a Steam clone for monetizing digital game sales with tight integration into current high user base games.”
It is also surprising, notes Anderson, that behind Twitch is Amazon and it unexpected that such a bug player in the technology arena would make such a fundamental error. Here v states: “Many figured the acquisition of Twitch was to head in this direction at some point, but now we know just how long Amazon is in that race.”
He adds: “On top of all of that comes the leak of the financial information for big streamers. That unveils a lot we didn’t know before about streamer finances. All in all this leak is massive from a user privacy and intellectual property perspective.”
Anderson next looks at the different tactics involved: “There’s a lot of shock and awe with these attacks. We know from experience that oftentimes these attackers will combine previous breaches together to make these reveals look larger.”
There are measures that business and consumers can take, as Anderson finds: “We also know that with good practices from the personal end — using a password manager and multi-factor authentication — you can minimize any impact these leaks have on spidering out into other services you subscribe to today.”
Furthermore, Anderson recommends; “On top of that, good practices at companies of salting and hashing stored passwords, something Epik did not do and was a huge security oversight, or encrypting user data at rest can go a long way in minimizing the additional impact to their users.”
In terms of the new reality, Anderson advises: “Whether for hactivism or financial gain, attacks aren’t going to stop so what companies should be doing is implementing policies and security that make it so expensive for attackers to accomplish their means that they can’t afford to complete their goals. At the end of the day, the only thing that will make this stop is making execution costly for the attackers.”