Practically all streamers use extensions on Twitch nowadays, but an incident reminded them bots developed by third parties can cause serious security issues.
On Sept. 10, the Pando Twitch extension was removed from the platform due to an exploit found by hackers. They took control of the chat of some streamers to post profanity or spam links.
Streamers discussed the issues and quickly identified Pando as the common link between them. It apparently also involved the Stream Alerts TV extension, which was developed by the same team.
In addition, the extension might have compromised the streamer’s accounts. The issue forced some streamers to cut their livestream short. It happened to all sorts of streamers, regardless of their audience.
Streamer LunaBori saw her chat spammed with threats and a Discord server link. She tried some fixes like disabling bots, but ultimately had to disconnect and restart the livestream. After this, and with bots disabled, she was able to curb the issue.
The developer of the extension quickly reacted to the user’s complaints and removed it from the platform. “The extension has been disabled now but it may be worth logging out and resetting your password to remove active connections just in case,” streamer ADJ wrote.
CVS Gaming, the team that developed the Pando extension, said it worked on an update to curb the issue and fix the exploit found by hackers. “Twitch has already disabled the extension, so there are no further risks for any creators,” the developer told Dot Esports.
It added users might wait for a couple more days since Twitch has to approve the update before it’s introduced to the platform. Stream Alerts TV also doesn’t seem to be working now, which means it might also be under approval for a new update.
Published: Sep 11, 2023 03:58 am