“’We’re currently investigating the issue and will have more to share as we have additional detail,’ the company told me. But according to the former engineers I spoke with, Twitch had a notoriously lax approach to internal security that, in the view of some, made an incident like today’s more likely. Among the issues they identified:
- The company did not develop an effective model to counter internal threats — that is, employees who might seek to steal data or cause other problems.
- Every engineer could clone every code repository, making it possible for someone to essentially copy and paste the entire code base.
- Despite being owned by Amazon since 2014, Twitch still has its own information security practices, which are generally weaker.
‘No other company has this level of facepalm,’ one engineer told me.”