undefined | Better HN

0 pointsljm4y ago0 comments

Why would an intern at Twitch have access to data in production?

Saying that no 'secrets' were leaked is effectively burying the lede.

0 comments

ijcd4y ago

In general the broad access was to code repos early on. Some were gated. There’s lots of collaboration and the need to study other code bases for learning and collaboration, read only. It’s micro services galore there so one didn’t tend to have access to production databases for services or systems you didn’t work on. You were opted in there. Teams did their own devops for the most part.

The payout data likely wasn’t ripped from a DB but rather dashboards which customer service or partnerships likely had access to. Tier1 or Tier2 support kinda stuff.

This smells like a stolen backup or maybe network access and http scanning, finding the internal GitHub and maybe a support admin cred that allowed dashboard view.

madrox4y ago

By secrets, I mean salts, password hashes, etc.

ihattendorf4y ago

> You also get access to every streamer's dashboard and their analytics

I would classify that as access to production systems.

2 more replies

ljmOP4y ago

Why is getting access to prod, or prod data, considered a perk, exactly?

manquer4y ago

The perk is the wrench UX denoting you are an employee to the community . Reddit/twitch allow employees to communicate with the users . It is a social media platform , being able to indicate that you are special is street cred.

The other access rights that come from staff access is either incedential or miss /debt in architecture.

1 more reply

skilled4y ago

This statement makes no sense.

The leak includes source code of multiple active websites and applications that are operated under the umbrella of Twitch/Amazon.

Why would an intern have access to this data?

isbvhodnvemrwvn4y ago

In many companies source code for all products is available to each and single developer.

1 more reply

nemothekid4y ago

>Why would an intern have access to this data?

monorepos are a thing at several companies (e.g. Google).

1 more reply

j / k navigate · click thread line to collapse

0 comments

ijcd4y ago

The payout data likely wasn’t ripped from a DB but rather dashboards which customer service or partnerships likely had access to. Tier1 or Tier2 support kinda stuff.

This smells like a stolen backup or maybe network access and http scanning, finding the internal GitHub and maybe a support admin cred that allowed dashboard view.

madrox4y ago

By secrets, I mean salts, password hashes, etc.

ihattendorf4y ago

> You also get access to every streamer's dashboard and their analytics

I would classify that as access to production systems.

2 more replies

ljmOP4y ago

Why is getting access to prod, or prod data, considered a perk, exactly?

manquer4y ago

The other access rights that come from staff access is either incedential or miss /debt in architecture.

1 more reply

skilled4y ago