There are several ways why this could have happened.
1) The payment-data were just artifacts left on some file-server or from a process, which was accessible from dev-space.
2) No real systems were accessed and everything, it's all from a bad backup-server or poorly managed worker-pool.
3) Multiple Persons got hacked.
4) Exit-Scam of one or more Workers who just had broad enough access for some reason.
5) Twitch's security is just that bad.
Some notable thing is, the payment-data are quite limited, there are no real private data it seems, and the git-history seems also be missing. It's not sure whether this is on purpose and whether more data will follow. But this overall hints so far that this at least was not a full deep hack.
git commits are a good place to look for passwords/users checked in. unless you specifically prune them. so your current mainline may not have it but the stuff is still there in the commit history chain. so if you have access to that you probably could leverage it into several other systems.
1) The payment-data were just artifacts left on some file-server or from a process, which was accessible from dev-space.
2) No real systems were accessed and everything, it's all from a bad backup-server or poorly managed worker-pool.
3) Multiple Persons got hacked.
4) Exit-Scam of one or more Workers who just had broad enough access for some reason.
5) Twitch's security is just that bad.
Some notable thing is, the payment-data are quite limited, there are no real private data it seems, and the git-history seems also be missing. It's not sure whether this is on purpose and whether more data will follow. But this overall hints so far that this at least was not a full deep hack.