As Twitch clamps down on hate raids – suing two users believed to be responsible – another bot problem has been receiving attention, this time related to ‘hoss’ or ‘hoss00132’ accounts. But what are they?
These accounts, many of which feature some variation of ‘hoss’ followed by numbers and random words, are follow botting streamers regularly.
Follow bots are always annoying, but are usually fairly innocuous, won’t cause any major security issues, and should quickly be banned by the platform.
However, these hoss bots are believed to be different, with reports that they can make a user’s IP address vulnerable by visiting their profile.
There are bot accounts on @Twitch that will capture your IP address if you click on their profile. Avoid clicking on unknown profiles until this is fixed.
Use this tool: https://t.co/2QLmyPGJZp
— NRG Isaac (@IceManIsaac) September 10, 2021
Regular Twitch users have been reporting this issue for over a month. Back in July, a user reported “I recently got followed by a person that looked like a spam/bot account so I went to their channel to attempt to report it for botting.
- Read More: What is a Twitch raid?
“When I checked out their channel, they happened to be live but on their description, they have something that was grabbing the IP of people that were watching their stream.”
Another user on the Twitch subreddit explained that it was due to Twitch’s extensions system, which can leak basic information like “IP, country, ISP, browser version, device type, OS, battery level, whenever its charging or not, device orientation, screen size, preferred language.”
Whether or not there is any real security risk to users from these bot accounts is unclear, but they are certainly a nuisance on the platform.
And there are likely others outside of those using the ‘hoss’ name, so it may not be so easy to spot all of them
In the meantime, users can use this list of known accounts using this document. The document claims that “Twitch is aware of the issue.”