Amazon’s gaming live-streaming platform Twitch has been the subject of a data leak, exposing confidential company information and streamers' earnings. Let us dive into the details.
What happened exactly?
The turbulent data leak resulted in spilling over 100 gigabytes of data – including sensitive personal data, Twitch’s internal source code, technical details of upcoming projects, along with names of top streamers and millions of their earnings. Although Twitch stated that login credentials and bank information have not been affected, the concerned parties (data subjects) are rightly concerned about their financial security.
Why did this happen?
Twitch blamed server configuration errors for the data breach, which again shines a spotlight on Twitch’s security measures. Some of the leaked information also dates back three years, suggesting that the servers may have been exposed for a longer period.
Why we should care?
Integrity and confidentiality of personal data is critical to Information Security. Information can be deeply personal, disclosing sensitive content. Being a victim of data breach can lead to serious identity theft. The severity of a data breach can be measured by the damage it causes to the relationship between a brand and its customers.
That said, for this breach to be so severe, it highlights that there were serious flaws in the company’s overall information security management. What system monitoring did they have in place to miss such vast amounts of data being breached? And how did they not learn from a previous breach?
What can you do to avoid such data breaches?
“To err is human” – human error can always happen. But simple mistakes can be avoided. According to the Online Trust Alliance’s (OTA) Cyber Incident & Breach Trends Report, 90 percent of data breaches are avoidable. So, what can be done to prevent hack and the fines? The answer is ISO 27001 ISMS. The international standard for information security is specifically designed for the prevention of data breaches.
Here are some simple benefits that you can get from ISO 27001 certification:
- Improved Data Protection: Strong Information Security Management System (ISMS) in the framework ensures data protection is in the right place.
- Competitive Edge: Brand value of organization is enhanced as it gives a sense of confidence to customers and clients in terms of data security.
- Compliance with legality: Legal obligations and regulations related to information security are met.
- Efficient Risk Management: Secure exchange of information is enabled, mitigating the risk of security incidents.
- Technology and Compliance: Technology is ever-changing and being compliant with it is critical in terms of information security. With ISO 27001, meeting new requirements is easy in compliance with privacy.
- Immunity from Penalties: Plugging in the gaps in the data privacy framework can avoid hefty fines.
ISO 27001, the global benchmark for Information Security Management, strengthens the security position of an organisation. If you need help getting ISO 27001 certified or setting up a watertight ISMS, check out our InfoSec-as-a-Service solution and get in touch with us!