Data leak
Twitch Source Code and Internal Data Leak: 125 GB Anonymous Dump
Incident Details
On 6 October 2021, an anonymous actor posted a 125 GB torrent on 4chan containing Twitch’s entire source code, internal security tools, mobile and desktop clients, proprietary SDKs, internal AWS services, an unreleased Steam competitor codenamed ‘Vapor’, creator payout data for the top 10,000 Twitch streamers (dating back to 2019), and internal red team tools. The actor claimed to have released the data to ‘foster more disruption and competition in the online video streaming space’ and described it as ‘part one’, suggesting more data would follow. Twitch confirmed the breach on 6 October and stated that it was caused by ‘an error in a Twitch server configuration change that was subsequently accessed by a malicious third party.’ The exposed creator payout data included names and dollar amounts paid to streamers, with several top streamers earning over $5 million in the 26-month period captured. Critically, Twitch stated that full credit card numbers were not exposed, and that the systems that stored them were not accessed. AWS credentials were exposed in the dump, raising supply chain risks for downstream services. A second torrent was never published. The incident significantly impacted creator trust on the platform and highlighted the risks around access controls on centralised source code repositories.
Technical Details
- Initial Attack Vector: Anonymous actor (posting as 'Anonymous' on 4chan) claimed a server misconfiguration allowed access to Twitch's internal Git repositories; the attacker obtained credentials or tokens that granted access to Twitch's internal infrastructure
- Vendor / Product: Twitch (Amazon subsidiary) internal Git / source code infrastructure
Timeline
- 2021-10-06 Breach occurred
- 2021-10-06 Publicly disclosed
- 2021-10-15 Customers notified