Türkiye fines Twitch $58K over massive data breach impacting thousands
Twitch logo. (AFP Photo)
Türkiye’s Personal Data Protection Authority (KVKK) fined the live-streaming platform Twitch ₺2 million ($58,036.12) following a data breach that affected 35,274 users in the country.
The breach, which occurred in 2021, involved the leak of 125 gigabytes of sensitive data, including platform source code and the earnings of top streamers.
Data breach exposed sensitive information
The 2021 data breach was one of the largest in Twitch‘s history, resulting in the release of highly sensitive information. Twitch, owned by Amazon, confirmed the breach but did not provide specific details about the leaked data.
The company attributed the incident to a “server configuration change” that led to the exposure.
Türkiye’s investigation and findings
Turkish KVKK authorities launched an investigation into the breach based on reports of a large-scale data breach.
The agency determined that Twitch failed to implement adequate security measures before the breach and addressed vulnerabilities only after the incident. KVKK also noted that Twitch was insufficient in identifying risks and threats to user data protection.
Breakdown of the $58K fine
The fine issued by KVKK included:
- ₺1.75 million ($50,780) for failing to implement necessary technical and administrative measures to prevent unlawful data processing.
- ₺250,000 for not notifying the authority promptly about the data breach.
Twitch’s temporary ban in Türkiye
Twitch faced a temporary ban in Türkiye earlier this year by the decision of the General Directorate of National Lottery Administration due to alleged illegal betting activities.
The ban was lifted a week later by the Information and Communication Technologies Authority (BTK).
