Twitch reportedly leaking user data to “hoss bots”

Another bot problem has surfaced on Twitch.

The streaming platform has finally started to crack down on hate raids but there’s another bot problem plaguing the site now. The bots are called “hoss” or “hoss00132” accounts.

What is a hoss bot on Twitch?

Hoss bots are Twitch accounts that all feature the word “hoss” followed by random numbers and words. They are a form of “follow bot,” which automatically follow streamers. Hoss bots are more concerning for a number of reasons.

Follow bots have lingered on Twitch for years but hoss bots can make a user’s IP address vulnerable. This happens if a streamer visits the bot’s profile.

Twitch users have been reporting the hoss bots for a month or so. One person told their story, stating that they went to the bot’s account to report them only to realize that the bot was “grabbing the IP” of anyone watching their stream.

Another Twitch user said “usually it can leak info about IP, country, ISP, browser version, device type, OS, battery level, whenever its charging or not, device orientation, screen size, preferred language.” This was possible due to Twitch’s extension system.

Twitch is apparently aware of the issue, according to an official document on the matter. The company has banned a few of the hoss bot accounts but it’s a particularly concerning issue on the site.

Data security is a problem for any website, but an exploit that allows personal information to be leaked is particularly worrisome. IP addresses aren’t necessarily a big deal on their own, but they open up avenues for bad actors to gather more sensitive data on victims.

Other known accounts can be viewed on the document while streamers await a solution.