- Twitch has ordered the U.S. Army to stop offering fake giveaways on its platform.
- The issue first came to light after a reporter noticed that a prize giveaway link, which was posted into the chat box of an Army esports stream, redirected users to a recruitment page.
- According to that reporter, the recruitment page offered “no additional mention of a contest, odds, total number of winners, or when a drawing will occur.”
- Separately, the U.S. Army has also faced substantial blowback for banning Twitch users asking about war crimes, a move that potentially violates free speech laws.
US Army Offers Fake Giveaways
After the United States Army was allegedly caught promising fake prize giveaways on Twitch to promote its recruitment page, Twitch has ordered it to abandon the strategy.
The practice was first detailed by reporter Jordan Uhl in The Nation on Wednesday and stems from the Army’s esports team, which regularly streams on Twitch as a way to talk to teens about life in the military and recruitment options. Both the Navy and the Air Force also have esports teams that stream on Twitch.
In the chat box of those streams, the Army would reportedly post automated links promoting prize giveaways. For example, one prize included an Xbox Elite Series 2 controller; however, once people clicked the link to try to win that controller, they weren’t taken to a page to enter that drawing.
Instead, according to The Nation, they were directed to “a recruiting form with no additional mention of a contest, odds, total number of winners, or when a drawing will occur.”
The Army esports team routinely points viewers as young as 13 to this page with “Register To Win!” at the top in all caps. In some cases, they claim you can win a $200 controller.— jordan (@JordanUhl) July 15, 2020
The form is actually a recruiting form.https://t.co/Vk1mC7bn5U pic.twitter.com/N8oQkikeQJ
The news prompted outrage among some streamers and game developers who then urged Twitch to take action against the U.S. Army esports channel.
“The silence from @Twitch on the latest wave of criticism regarding the military using the site to scam kids into sharing personal info speaks volumes,” streamer Jayson “MANvsGame” Love said on Twitter. “Imagine ANY other channel doing that. Feel free to manipulate your viewers as much as you like, I guess?”
On Thursday, gaming website Kotaku reported that Twitch had forced the Army to stop tricking viewers, with Twitch saying in a statement to the outlet, “Per our Terms of Service, promotions on Twitch must comply with all applicable laws. This promotion did not comply with our Terms, and we have required them to remove it.”
Meanwhile, the Army has remained silent on why it allegedly engaged in fake giveaway tactics.
Is the US Army Also Violating Free Speech Laws on Twitch?
The fake giveaway is not the only Twitch-related controversy the Army has recently faced. Last week, after catching wind of users being banned for asking uncomfortable questions, Uhl reported that the Army’s Twitch channel banned him after he asked about war crimes during a stream—a move that could be seen as a blockage of free speech.
In a recorded video, Uhl asks other viewers what their favorite U.S. war crime is in the chat box of that stream. He then links to the Wikipedia page for U.S. war crimes. Seconds after that, he is banned.
“Have a nice time getting banned, my dude,” Army recruiter and gamer Joshua “Strotnium” David tells Uhl just before the video ends.
The U.S. Army (and its esports team) are not private entities. While general Twitch streamers can moderate their channels however they wish, public forums hosted by the government are generally required to abide by strict free speech laws.
In response, the Army later confirmed that it banned Uhl directly because of his comments, arguing that those comments violated Twitch’s harassment policies.
“Team members are very clear when talking with potential applicants that a game does not reflect a real Army experience,” a representative of the U.S. Army esports team told Vice. “They discuss their career experiences in real terms with factual events.”
“Team members ensure people understand what the Army offers through a realistic lens and not through the lens of a game meant for entertainment. This user’s question was an attempt to shift the conversation to imply that Soldiers commit war crimes based on an optional weapon in a game, and we felt that violated Twitch’s harassment policy.”
“The U.S. Army offers youth more than 150 different careers, and ultimately the goal of the Army eSports Team is to accurately portray that range of opportunities to interested youth.”
The American Civil Liberties Union, however, has argued that “calling out the government’s war crimes isn’t harassment, it’s speaking truth to power. And banning users who ask important questions isn’t ‘flexing,’ it’s unconstitutional.”
Concerns Over Army Streaming With Teens
“Was I undiplomatic?,” Uhl asked in his Wednesday article. “Sure. But if the military is going to use one of the world’s most popular platforms to recruit kids, then it shouldn’t be able to do so without some pushback. Right now, with the support of Twitch, gamers with the US military are spending hours with children as young as 13, trying to convince them to enlist.”
As Uhl noted, the military’s newfound use of Twitch could be an even more effective method than “approaching a recruiter behind a table in a school cafeteria.” For example, “kids can hang out with one who is playing their favorite video games and replying to their chat messages for hours on end.”
Of the four main branches of the military, only the Marine Corps has refused to launch an esports team.
“This is due in part to the belief that the brand and issues associated with combat are too serious to be ‘gamified’ in a responsible manner,” the Marine Corps Recruiting Command said in January.
See what others are saying: (The Nation) (Kotaku) (The Verge)
Hackers Hit Twitch Again, This Time Replacing Backgrounds With Image of Jeff Bezos
The hack appears to be a form of trolling, though it’s possible that the infiltrators were able to uncover a security flaw while reviewing Twitch’s newly-leaked source code.
Hackers targeted Twitch for a second time this week, but rather than leaking sensitive information, the infiltrators chose to deface the platform on Friday by swapping multiple background images with a photo of former Amazon CEO Jeff Bezos.
According to those who saw the replaced images firsthand, the hack appears to have mostly — and possibly only — affected game directory headers. Though the incident appears to be nothing more than a surface-level prank, as Amazon owns Twitch, it could potentially signal greater security flaws.
For example, it’s possible the hackers could have used leaked internal security data from earlier this week to discover a network vulnerability and sneak into the platform.
The latest jab at the platforms came after Twitch assured its users it has seen “no indication” that their login credentials were stolen during the first hack. Still, concerns have remained regarding the potential for others to now spot cracks in Twitch’s security systems.
It’s also possible the Bezos hack resulted from what’s known as “cache poisoning,” which, in this case, would refer to a more limited form of hacking that allowed the infiltrators to manipulate similar images all at once. If true, the hackers likely would not have been able to access Twitch’s back end.
The photo changes only lasted several hours before being returned to their previous conditions.
First Twitch Hack
Despite suspicions and concerns, it’s unclear whether the Bezos hack is related to the major leak of Twitch’s internal data that was posted to 4chan on Wednesday.
That leak exposed Twitch’s full source code — including its security tools — as well as data on how much Twitch has individually paid every single streamer on the platform since August 2019.
It also revealed Amazon’s at least partially developed plans for a cloud-based gaming library, codenamed Vapor, which would directly compete with the massively popular library known as Steam.
Even though Twitch has said its login credentials appear to be secure, it announced Thursday that it has reset all stream keys “out of an abundance of caution.” Users are still being urged to change their passwords and update or implement two-factor authentication if they haven’t already.
Twitch Blames Server Configuration Error for Hack, Says There’s No Indication That Login Info Leaked
The platform also said full credit card numbers were not reaped by hackers, as that data is stored externally.
Login and Credit Card Info Secure
Twitch released a security update late Wednesday claiming it had seen “no indication” that users’ login credentials were stolen by hackers who leaked the entire platform’s source code earlier in the day.
“Full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” the company added in its announcement.
The leaked data, uploaded to 4chan, includes code related to the platform’s security tools, as well as exact totals of how much it has individually paid every single streamer on the platform since August 2019.
Early Thursday, Twitch also announced that it has now reset all stream keys “out of an abundance of caution.” Streamers looking for their new keys can visit a dashboard set up by the platform, though users may need to manually update their software with the new key before being able to stream again depending on what kind of software they use.
As far as what led to the hackers being able to steal the data, Twitch blamed an error in a “server configuration change that was subsequently accessed by a malicious third party,” confirming that the leak was not the work of a current employee who used internal tools.
Will Users Go to Other Streaming Platforms?
While no major creators have said they are leaving Twitch for a different streaming platform because of the hack, many small users have either announced their intention to leave Twitch or have said they are considering such a move.
It’s unclear if the leak, coupled with other ongoing Twitch controversies, will ultimately lead to a significant user exodus, but there’s little doubt that other platforms are ready and willing to leverage this hack in the hopes of attracting new users.
At least one big-name streamer has already done as much, even if largely only presenting the idea as a playful jab rather than with serious intention.
“Pretty crazy day today,” YouTube’s Valkyrae said on a stream Wednesday while referencing a tweet she wrote earlier the day.
“YouTube is looking to sign more streamers,” that tweet reads.
“I mean, they are! … No shade to Twitch… Ah! Well…” Valkyrae said on stream before interrupting herself to note that she was not being paid by YouTube to make her comments.
The Entirety of Twitch Has Been Leaked Online, Including How Much Top Creators Earn
The data dump, which could be useful for some of Twitch’s biggest competitors, could signify one of the most encompassing platform leaks ever.
Massive Collection of Data Leaked
Twitch’s full source code was uploaded to 4chan Wednesday morning after it was obtained by hackers.
Among the 125 GB of stolen data is information revealing that Amazon, which owns Twitch, has at least partially developed plans for a cloud-based gaming library. That library, codenamed Vapor, would directly compete with the massively popular library known as Steam.
With Amazon being the all-encompassing giant that it is, it’s not too surprising that it would try to develop a Steam rival, but it’s eyecatching news nonetheless considering how much the release of Vapor could shake up the market.
The leaked data also showcased exactly how much Twitch has paid its creators, including the platform’s top accounts, such as the group CriticalRole, as well as steamers xQcOW, Tfue, Ludwig, Moistcr1tikal, Shroud, HasanAbi, Sykkuno, Pokimane, Ninja, and Amouranth.
These figures only represent payouts directly from Twitch. Each creator mentioned has made additional money through donations, sponsorships, and other off-platform ventures. Sill, the information could be massively useful for competitors like YouTube Gaming, which is shelling out big bucks to ink deals with creators.
Data related to Twitch’s internal security tools, as well as code related to software development kits and its use of Amazon Web Services, was also released with the hack. In fact, so much data was made public that it could constitute one of the most encompassing platform dumps ever.
Streamer CDawgVA, who has just under 500,000 subscribers on Twitch, tweeted about the severity of the data breach on Wednesday.
“I feel like calling what Twitch just experienced as “leak” is similar to me shitting myself in public and trying to call it a minor inconvenience,” he wrote. “It really doesn’t do the situation justice.”
Despite that, many of the platform’s top streamers have been quite casual about the situation.
“Hey, @twitch EXPLAIN?”xQc tweeted. Amouranth replied with a laughing emoji and the text, “This is our version of the Pandora papers.”
Meanwhile, Pokimane tweeted, “at least people can’t over-exaggerate me ‘making millions a month off my viewers’ anymore.”
Others, such as Moistcr1tikal and HasanAbi argued that their Twitch earning are already public information given that they can be easily determined with simple calculations.
Could More Data Come Out?
This may not be the end of the leak, which was labeled as “part one.” If true, there’s no reason to think that the leakers wouldn’t publish a part two.
For example, they don’t seem to be too fond of Twitch and said they hope this data dump “foster[s] more disruption and competition in the online video streaming space.”
They added that the platform is a “disgusting toxic cesspool” and included the hashtag #DoBetterTwitch, which has been used in recent weeks to drive boycotts against the platform as smaller creators protest the ease at which trolls can use bots to spam their chats with racist, sexist, and homophobic messages.
Still, this leak does appear to lack one notable set of data: password and address information of Twitch users.
That doesn’t necessarily mean the leakers don’t have it. It could just mean they are only currently interested in sharing Twitch’s big secrets.
Regardless, Twitch users and creators are being strongly urged to change their passwords as soon as possible and enable two-factor authentication.