Column: Facebook and Twitch had a rough week

Jacob DeWeerd, Staff Writer

Twitch.tv and Facebook.com are two of the most popular websites on the internet. With billions of monthly visits and users trusting these websites to keep their sensitive data safe, one might assume their security and upkeep measures would be impenetrable. So, how did Facebook and Twitch end up in headlines this week for a catastrophic outage and a massive security failure?

On Monday, Facebook was completely removed from the internet for six hours, taking down Instagram, WhatsApp and Oculus’ services with it. The problem was apparently related to a server reconfiguration, but whatever was changed also affected the entire company’s internal communication channels. Facebook employees could not even communicate with their colleagues to try and figure out what was going on.

Twitch, on the other hand, suffered one of the biggest data breaches ever seen for such a large platform. The Guardian reported that 125 gigabytes of data including the site’s source code, internal security tools, and several years’ worth of payout information for some of its largest streamers was leaked via 4chan on Wednesday. The data also included references to a virtual game marketplace codenamed “Vapor” which sounds like a direct competitor to the most popular PC game marketplace, Steam.

High-profile meltdowns for such massive websites are relatively rare, so to see two in the same week is almost unheard of. It is also uncommon to see sites go down for as long as Facebook did, although it did go down for more than 24 hours back in 2019. Twitch’s breach is also unique in that the hacker did not target user information; instead, they chose to release information that would be most damaging to Twitch and its parent company, Amazon.

Even though Facebook and Twitch likely lost tens of millions of dollars as a result of these issues, the real victims of this situation were users and those who rely on these platforms’ services for their livelihoods. 

Although WhatsApp is not very popular in the United States, over two billion people around the world have downloaded it and in many countries, WhatsApp is the preferred method of communication for smartphone users. In places like India and Brazil, WhatsApp is much more common than messaging apps from Apple and Google because it’s free to use and doesn’t require users to pay for texting privileges on their data plans. 

While Facebook and its services were down, anyone who communicated through WhatsApp lost connection to friends, family, clients, and coworkers, and had no way of knowing when the app was going to come back online. Six hours may not seem like a long time, but that was six hours where parents could not message their children, businesses couldn’t contact their customers, and family members could not share important news.

The results of Twitch’s breach were not quite so bad for streamers – some of whom took the payment leaks in stride – or viewers, but the breach came during a period of widespread protest against Twitch’s moderation methods. 

Over the last few weeks, streamers have been spreading #ADayOffTwitch and #TwitchDoBetter hashtags which aimed to bring attention to ongoing problems like hate raids and harassment. #TwitchDoBetter was included in the 4chan post containing the leaked files, so it is possible that the hack was related to Twitch’s response to the movement.

Outages and data breaches make for big news because of these platforms’ popularity, but they also show how fragile massive websites can be. The world’s biggest social media company was quite literally wiped from the internet for half a day because a server was misconfigured. The world’s biggest game streaming site had its entire code framework, security tools, and the payment information for its biggest creators leaked by one 4chan user.

If nothing else, the events of the past week should convince internet users that nothing is ever truly secure online. They should also convince users to change their passwords once in a while. 

Seriously, go change your passwords. Just in case.