- Twitter issued verifications to a number of large-scale gamers and streamers on Wednesday, including Corpse Husband, whose content has recently seen a massive surge in popularity because of his Among Us plays.
- Still, it left out many other figures, such as Dream and CallMeCarson, who have millions of followers each.
- In a notable blunder, Twitter also accidentally verified the wrong Karl Jacobs. The correct Karl Jacobs, a Twitch streamer with nearly 800,000 followers, was later given verification. Until Thursday afternoon, the incorrect Jacobs retained verification.
- The confusion over this wave of verifications follows Twitter’s recent pledge to relaunch applications for verifications after pausing the program in 2017 when it verified a white supremacist.
Twitter Verifies the Wrong Account
On Wednesday, Twitter verified Twitch streamer Karl Jacobs, who has nearly 800,000 followers on the platform and has frequently appeared in videos with mega-creator Mr.Beast. Or rather, Twitter tried to verify him.
It actually ended up verifying a different Karl Jacobs, the owner of a seemingly random account that only had about 200 followers at the time.
“THEY VERIFIED THE WRONG KARL JACOBS,” streamer Karl Jacobs said in a tweet that was soon followed up by a response from Mr.Beast, whose real name is Jimmy Donaldson.
“LMAO THATS THE FUNNIEST THING IVE EVER SEEN IN MY LIFE,” Donaldson said.
About 30 minutes later, Jacobs confirmed that Twitter had partially corrected its mistake and verified his account by giving it a blue checkmark. Twitter did not fully rectify their mistake until Thursday afternoon when it finally removed the verification for the account for the random Karl Jacobs.
Jacob’s verification was part of a mass verification of gamers and other streamers on Wednesday. While the platform gave blue checkmarks to a number of top creators (such as fast-growing creator Corpse Husband), it also seemingly skipped over several other major creators with millions of followers each.
Some fans were upset that streamers such as Sykkuno, who has 1.8 million followers on Twitch and almost 750,000 of Twitter, appeared to be ignored in the wave of verifications. They argued that he should already meet Twitter’s standards for being verified, as he’s an account of “public interest.”
Both Corpse Husband and Twitch Streamer Valkyrae also expressed disappointment that Sykkuno wasn’t included.
Other notable creators left out of the fold included CallMeCarson and Dream. On Twitter, both joked about the situation.
CallMeCarson, whose real name is Carson King, currently has over 3 million followers on YouTube. Dream, whose real identity is anonymous, has over 13 million followers. His Minecraft plays on YouTube average tens of millions of views with each upload.
Twitter’s Verification Problem
In 2017, Twitter paused its application-based verification system after it faced backlash for verifying a white supremacist and reported neo-Nazi who had organized the infamous Charlottesville Unite the Right rally. During that rally, counterprotester Heather Heyer was killed after a vehicle rammed into her.
“Verification was meant to authenticate identity & voice but it is interpreted as an endorsement or an indicator of importance,” the Twitter Support account said following backlash. “We recognize that we have created this confusion and need to resolve it. We have paused all general verifications while we work and will report back soon.”
In a quote tweet, CEO Jack Dorsey admitted that “the system is broken and needs to be reconsidered.”
In 2018, Twitter product lead Kayvon Beykpour said the company was shifting focus from updating that verification process to election integrity.
During that announcement, he also addressed confusion that had arisen because, despite the pause of Twitter’s public verification system, some accounts were still actively receiving blue checkmarks.
“Despite that goal,” he said, “we still verify accounts ad hoc when we think it serves the public conversation & is in line with our policy. But this has led to frustration b/c our process remains opaque & inconsistent with our [intended] pause. This is far from ideal & we still intend to fix.”
That likely explains Wednesday’s set of verifications, as well as verifications earlier this year for a number of public health officials who have authority to speak on the COVID-19 pandemic.
When Will Public Verification Come Back?
Despite that application process being missing for three years now, public verification is still expected to come back. In fact, last week, Twitter announced that it expects to re-introduce the feature early next year.
In a draft policy, it said eligible accounts include government entities, companies, brands, nonprofits, news media accounts, activists, and organizers. The list also includes businesses and individuals in entertainment and sports, as well as a more general category listed as “other influential individuals.”
Beykpour added that the company’s “goal is to bring clarity to what verification on Twitter means, the criteria we’ll use for assessing verification, and how to apply.”
Indeed, the draft policy lays out some very specific rules for how to get that oh-so-coveted blue checkmark. For example, one avenue for an actor to receive verification includes obtaining at least five production credits on their IMDB profile.
Qualifying media outlets must also adhere to standards set forth by multiple organizations focusing on ethics in journalism.
Twitter said it will refuse to hand out verifications to any accounts that “have had a 12-hour or 7-day lockout for violating the Twitter Rules in the past six months.”
“You may lose your badge if you change your account name (@handle), if your account becomes inactive or incomplete, or if you are no longer in the position you initially were verified for—such as an elected government official who leaves office—and you do not otherwise meet our criteria for verification,” the draft says.
That clause could potentially leave the door open for Twitter to remove President Donald Trump’s verification once he leaves the White House in January. Since May, Twitter has placed warning labels on a bevy of Trump’s tweets. That fact-checking process ramped up in November as Trump made false claims about election fraud in dozens of tweets.
If Trump continues to tweet false information after his presidency, Twitter may be forced to address that question. In either event that Twitter removes his verification or gives him a special exemption, the company will undoubtedly face criticism.
Twitter said it will publish a finalized version of this policy on Dec. 17, but at least one major question remains: If Twitter has worked for three years to make its verification process transparent, will users have confidence in the platform if it continues to accidentally give verifications — a symbol of authority — to random accounts?
Hackers Hit Twitch Again, This Time Replacing Backgrounds With Image of Jeff Bezos
The hack appears to be a form of trolling, though it’s possible that the infiltrators were able to uncover a security flaw while reviewing Twitch’s newly-leaked source code.
Hackers targeted Twitch for a second time this week, but rather than leaking sensitive information, the infiltrators chose to deface the platform on Friday by swapping multiple background images with a photo of former Amazon CEO Jeff Bezos.
According to those who saw the replaced images firsthand, the hack appears to have mostly — and possibly only — affected game directory headers. Though the incident appears to be nothing more than a surface-level prank, as Amazon owns Twitch, it could potentially signal greater security flaws.
For example, it’s possible the hackers could have used leaked internal security data from earlier this week to discover a network vulnerability and sneak into the platform.
The latest jab at the platforms came after Twitch assured its users it has seen “no indication” that their login credentials were stolen during the first hack. Still, concerns have remained regarding the potential for others to now spot cracks in Twitch’s security systems.
It’s also possible the Bezos hack resulted from what’s known as “cache poisoning,” which, in this case, would refer to a more limited form of hacking that allowed the infiltrators to manipulate similar images all at once. If true, the hackers likely would not have been able to access Twitch’s back end.
The photo changes only lasted several hours before being returned to their previous conditions.
First Twitch Hack
Despite suspicions and concerns, it’s unclear whether the Bezos hack is related to the major leak of Twitch’s internal data that was posted to 4chan on Wednesday.
That leak exposed Twitch’s full source code — including its security tools — as well as data on how much Twitch has individually paid every single streamer on the platform since August 2019.
It also revealed Amazon’s at least partially developed plans for a cloud-based gaming library, codenamed Vapor, which would directly compete with the massively popular library known as Steam.
Even though Twitch has said its login credentials appear to be secure, it announced Thursday that it has reset all stream keys “out of an abundance of caution.” Users are still being urged to change their passwords and update or implement two-factor authentication if they haven’t already.
Twitch Blames Server Configuration Error for Hack, Says There’s No Indication That Login Info Leaked
The platform also said full credit card numbers were not reaped by hackers, as that data is stored externally.
Login and Credit Card Info Secure
Twitch released a security update late Wednesday claiming it had seen “no indication” that users’ login credentials were stolen by hackers who leaked the entire platform’s source code earlier in the day.
“Full credit card numbers are not stored by Twitch, so full credit card numbers were not exposed,” the company added in its announcement.
The leaked data, uploaded to 4chan, includes code related to the platform’s security tools, as well as exact totals of how much it has individually paid every single streamer on the platform since August 2019.
Early Thursday, Twitch also announced that it has now reset all stream keys “out of an abundance of caution.” Streamers looking for their new keys can visit a dashboard set up by the platform, though users may need to manually update their software with the new key before being able to stream again depending on what kind of software they use.
As far as what led to the hackers being able to steal the data, Twitch blamed an error in a “server configuration change that was subsequently accessed by a malicious third party,” confirming that the leak was not the work of a current employee who used internal tools.
Will Users Go to Other Streaming Platforms?
While no major creators have said they are leaving Twitch for a different streaming platform because of the hack, many small users have either announced their intention to leave Twitch or have said they are considering such a move.
It’s unclear if the leak, coupled with other ongoing Twitch controversies, will ultimately lead to a significant user exodus, but there’s little doubt that other platforms are ready and willing to leverage this hack in the hopes of attracting new users.
At least one big-name streamer has already done as much, even if largely only presenting the idea as a playful jab rather than with serious intention.
“Pretty crazy day today,” YouTube’s Valkyrae said on a stream Wednesday while referencing a tweet she wrote earlier the day.
“YouTube is looking to sign more streamers,” that tweet reads.
“I mean, they are! … No shade to Twitch… Ah! Well…” Valkyrae said on stream before interrupting herself to note that she was not being paid by YouTube to make her comments.
The Entirety of Twitch Has Been Leaked Online, Including How Much Top Creators Earn
The data dump, which could be useful for some of Twitch’s biggest competitors, could signify one of the most encompassing platform leaks ever.
Massive Collection of Data Leaked
Twitch’s full source code was uploaded to 4chan Wednesday morning after it was obtained by hackers.
Among the 125 GB of stolen data is information revealing that Amazon, which owns Twitch, has at least partially developed plans for a cloud-based gaming library. That library, codenamed Vapor, would directly compete with the massively popular library known as Steam.
With Amazon being the all-encompassing giant that it is, it’s not too surprising that it would try to develop a Steam rival, but it’s eyecatching news nonetheless considering how much the release of Vapor could shake up the market.
The leaked data also showcased exactly how much Twitch has paid its creators, including the platform’s top accounts, such as the group CriticalRole, as well as steamers xQcOW, Tfue, Ludwig, Moistcr1tikal, Shroud, HasanAbi, Sykkuno, Pokimane, Ninja, and Amouranth.
These figures only represent payouts directly from Twitch. Each creator mentioned has made additional money through donations, sponsorships, and other off-platform ventures. Sill, the information could be massively useful for competitors like YouTube Gaming, which is shelling out big bucks to ink deals with creators.
Data related to Twitch’s internal security tools, as well as code related to software development kits and its use of Amazon Web Services, was also released with the hack. In fact, so much data was made public that it could constitute one of the most encompassing platform dumps ever.
Streamer CDawgVA, who has just under 500,000 subscribers on Twitch, tweeted about the severity of the data breach on Wednesday.
“I feel like calling what Twitch just experienced as “leak” is similar to me shitting myself in public and trying to call it a minor inconvenience,” he wrote. “It really doesn’t do the situation justice.”
Despite that, many of the platform’s top streamers have been quite casual about the situation.
“Hey, @twitch EXPLAIN?”xQc tweeted. Amouranth replied with a laughing emoji and the text, “This is our version of the Pandora papers.”
Meanwhile, Pokimane tweeted, “at least people can’t over-exaggerate me ‘making millions a month off my viewers’ anymore.”
Others, such as Moistcr1tikal and HasanAbi argued that their Twitch earning are already public information given that they can be easily determined with simple calculations.
Could More Data Come Out?
This may not be the end of the leak, which was labeled as “part one.” If true, there’s no reason to think that the leakers wouldn’t publish a part two.
For example, they don’t seem to be too fond of Twitch and said they hope this data dump “foster[s] more disruption and competition in the online video streaming space.”
They added that the platform is a “disgusting toxic cesspool” and included the hashtag #DoBetterTwitch, which has been used in recent weeks to drive boycotts against the platform as smaller creators protest the ease at which trolls can use bots to spam their chats with racist, sexist, and homophobic messages.
Still, this leak does appear to lack one notable set of data: password and address information of Twitch users.
That doesn’t necessarily mean the leakers don’t have it. It could just mean they are only currently interested in sharing Twitch’s big secrets.
Regardless, Twitch users and creators are being strongly urged to change their passwords as soon as possible and enable two-factor authentication.