Infosec Round-Up Oct 8th

Twitch Leak, A.I. Ban & Rogue IT Technician

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

Twitch Data Leak

The game streaming platform Twitch has fallen victim to a breach in which a reported 125GB of confidential data has been leaked.

Shared via the imageboard 4chan, the leak contained not only large amounts of financial information relating to its users, but also allegedly the source code from around 6,000 internal Git repositories.

Along with the data, the anonymous user posted referring to Twitch as “a disgusting toxic cesspool” and cited ‘greater competition in the online video streaming space’ as the motivation for the leak.

With Twitch confirming that no login credentials or credit card numbers were contained within the leak, the company noted: “We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party”.

Adding, “Our teams are working with urgency to investigate the incident. As the investigation is ongoing, we are still in the process of understanding the impact in detail”.

School Insider Threat

A former IT technician for a Leicestershire school has admitted to causing serious disruption by breaking into the computer systems of former employers, deleting data and changing passwords.

Adam Georgeson, 29, who had at the beginning of this year been fired from his role at Welland Park Academy, and was subsequently employed at a Rutland IT firm, gained unauthorised access to the IT systems reportedly out of ‘boredom’.

Appearing in Leicester Crown Court this Monday, the insider threat admitted changing passwords and deleting data, resulting in school systems being no longer accessible and remote learning being negatively impacted.

Detective Constable Anthony Jones, has stated: “There was a great deal of resentment towards both his former employers – but that’s no excuse for his actions which caused significant problems for both and could’ve had more damaging consequences.”

Adding, “I hope this case will serve as an example that Leicestershire Police takes all reports of cyber crime seriously and will fully investigate them in order to bring the perpetrators to justice.”

EU A.I. Ban

The European Union Parliament has voted in favour of a resolution which effectively bans the use of artificial intelligence-powered biometric mass surveillance technologies.

In a resolution adopted by 377 in favour, 248 against and 62 abstentions, MEPs cited the risk of algorithmic bias, as well as asking for a permanent ban on the automated recognition of individuals in public spaces, noting that citizens should only be monitored when suspected of a crime.

Petar Vitanov, the lead MEP on the issue, stated on the matter, “Fundamental rights are unconditional. For the first time ever, we are calling for a moratorium on the deployment of facial recognition systems for law enforcement purposes, as the technology has proven to be ineffective and often leads to discriminatory results.”

Adding, “We are clearly opposed to predictive policing based on the use of A.I. as well as any processing of biometric data that leads to mass surveillance. This is a huge win for all European citizens.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.