The hacking event on October 6, 2021 was by far the biggest blow to Twitch, which was acquired by Curse LLC from Amazon after being acquired by Amazon in 2014. When we examine this event, we see that it has a hactivist structure. Despite the use of dozens of security technologies and careful preparation of security architectures, at the end of the day, threat actors can find an endpoint to infiltrate.

The main reason for this is natural selection. No matter how much technologies develop, threat actors will continue to develop themselves in order to get rid of these technologies and will always try to create an endpoint for themselves. According to the first data, the source of the leak; It is the information that the leak occurred through the git server that Twitch software teams designed to use git repos more easily.

The leak content includes the entire source code of the Twitch application, calls made by some users to the support address, and user payment information.

Below is a list of cybersecurity and IT technologies used by Twitch.

So what are the lessons to be learned?

1. Don’t tell me nothing will happen, if you are as big as Amazon and Curse LLC, something could happen to you.

2. It is necessary to look at the cyber security phenomenon from a holistic perspective instead of looking at it from one side.

3. Threat actors that cause leaks do not take over systems in one day. They work on it, they wait for the right time, they enter from the endpoint, and when they enter, they leave some traces. Therefore, it is necessary to carry out pentests in order to detect the vulnerabilities at the extreme points in frequent and regular periods. At the same time, forensic analysis processes should work. However, even if institutions collect evidence from extreme points after the event, it may be too late. Instead, evidence should be collected from all endpoints used within the scope of forensic analysis in frequent and regular periods before events occur.