Patch security holes that allowed for a streamer to be hate raided and follow botted.
Note: this idea includes links to where security vulnerabilities were found because having that knowledge is better for tackling the issue head-on.
I am a mod for AshuriiYuki who got hit with a hate raid and bot follow spam pretty early in her stream on April 19th, 2022. Between AshuriiYuki and her mods, we were able to handle the raid without much incident, though AshuriiYuki is upset over the incident.
As a postmortem: the raid was most likely initiated by nottoggl3d, who joined stream and said "wow you're bad". Screenshot of their message included. Immediately thereafter there were about 100 accounts who joined stream and followed, making chat effectively useless for a period of time.
I looked at a handful of the accounts, and they all seem to have "ZiroGen v4.5 :D" in their about information, alongside lorem ipsum text. This is how we found the linked GitHub here: https://github.com/ZiroLake/ZiroGen-twitch-source-code.
I hope that the inclusion of this was the mistake of a novice thinking they are untouchable rather than v4.5 being pointed out as it is going to be retired for the next iteration of their attack. I also want to make note of lines 273 through 305 and lines 321 through 348. These sections reference Arkose Labs as part of the attack to create bot accounts. It might be good to reach out to them to make sure they know of this, as they might be able to secure their processes against this attack as well. Line 567 does seem to indicate that this is v4.5 of this script.
I also want to point out that the GitHub account that made this repository looks to be a throwaway account as it was created April 18, 2022.
I hope that this information can be useful in updating bot monitoring so other streamers are not hit with similar attacks, as not all streamers will be able to shake off this sort of behavior like AshuriiYuki was able to.
I reported this same information through the Bugcrowd reporting tool (found here: https://bugcrowd.com/submissions/f91065f000084cac7efa38be7dc589b5cf717580cb254fbe35190b98d8fd6a01), and this was classified as a "security issue affecting an individual account" by chiekenJoe, and they told me to report it here, so hopefully someone here will take this more seriously.