Sky.com servers exposed via misconfiguration

 CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data.

CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain, containing what appear to be production-level database access credentials, as well as addresses to development endpoints.

Sky, a subsidiary of Comcast, is Europe’s largest media company, boasting a 12% market share and a revenue of approximately £13.4 billion in 2020, as well as more than 31,000 employees and 24 million customers. UpLift Media, launched by Sky and Molson Coors in 2015, is an in-venue digital screen advertising network that operates digital screens in bars and other leisure venues across the UK.

Sky customers have been told to change their passwords immediately, raising fears that the company may have been hit by a data breach.

The company has sent out emails to customers across the UK urging them to reset their passwords as part of a "security measure".

The email contains a link for users to choose a new passwords as Sky has had to change their existing logins, raising fears that the company has suffered some kind of breach or attack.

Several Sky customers took to Twitter to ask Sky if the emails were genuine, or part of a phishing scam, with the firm's official Sky Help Team account replying that they were. ‘To help keep customer’s accounts safe we occasionally reset the password for Sky accounts. Customers can reset their password online at Sky.com,’ a Sky spokesperson said, adding that the company has not been breached. However the account also told some customers that the reset was linked to "part of the incident that happened last week", possibly referencing a recent attack.  "We have been informed by the provider of Sky.com email that a number of email accounts have been accessed without permission," its official disclosure on the incident read, "as a precautionary measure these accounts have been locked." 

We have seen more impact and  what Sky.com have taken precautions to come across this Breach and one of the cybersecurity Experts teams have reported them and here is the link which the experts team clearly show's that how they found out the Data. https://securityaffairs.co/wordpress/123143/data-breach/sky-com-server-misconfiguration.html

Streaming Platform "Twitch" Confirms Hack

Twitch, Amazon's most popular live video streaming platform Twitch said on Wednesday 06 October, 2021. Hackers have broken into it's network after reports of exposed confidential company data surfaced online.

 The platform, where users often stream live video game play, including broadcasts of E-sports competitions. In addition, it offers music broadcasts, creative content, and more confirmed the break-in on Twitter. Amazon bought Twitch for almost $1 billion in 2014. The site is primarily focused on videos and livestreams for video game enthusiasts.

"We can confirm a breach has taken place," Twitch said in post from its verified Twitter account.

"Our teams are working with urgency to understand the extent of this."

The statement came after reports emerged that a massive dump of Twitch data had been posted on fringe anonymous message board 4Chan. A post at 4Chan served up 125 gigabytes of data reported to include Twitch source code, records of payouts to streamers, and a digital video game distribution service being built by Amazon Game Studios. It did not appear that personal Twitch user data was in the dump, but the extent of the hack was still being investigated. Google searches for "how to delete Twitch" rocketed eightfold as news of the hack spread, according to marketing analysts firm N. Rich.

"With such a concerning data breach from a platform as widespread and global as Twitch, users are naturally wanting to protect themselves and their data as soon as possible," an N.Rich spokesperson said. 

The hacker took more than 125 gigabytes of data in the breach, according to the 4chan post.

The person who posted the trove of stolen data left a message claiming the break-in was performed to foster competition in video streaming, and because the Twitch community "is a disgusting toxic cesspool," according to media reports. Users of Twitch, the world's biggest video game streaming site, staged a virtual walkout last month to voice outrage over barrages of racist, sexist and homophobic abuse on the platform. The phenomenon of "hate raids" -- torrents of abuse -- has seen the platform become increasingly unpleasant many for Twitch streamers who are not white or straight.

A Twitter hashtag, #TwitchDoBetter, has become a magnet for complaints over the past month, largely from female, non-white and LGBTQ players saying that Twitch is failing to stop internet trolls running amok -- all while taking 50 percent of streamers' earnings.

Twitch has maintained that it is working to improve tools for protecting accounts from abuses.

The service is suing two users in US federal court, accusing them of orchestrating the so-called "hate raids."

https://twitter.com/Twitch/status/1445770441176469512?s=20

While Twitch is still investigating and says there’s no indication login details were exposed, we’d still recommend changing your Twitch password and enabling two-factor authentication if you haven’t already done so.