StreamElements discloses third-party data breach after hacker leaks data
by lulagain - Wednesday March 26, 2025 at 10:49 PM
#1
[Image: breached.jpg]
Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum.
The platform has reassured users that the attack didn't impact its servers, though older data at a third-party provider they stopped working with last year was still exposed.
"We recently became aware of a data security incident involving a third-party service provider we stopped working with last year," the company tweeted on X.
"We can confirm no StreamElements servers have been breached."
"While this incident did not originate within StreamElements systems, we take the security of our customers' data seriously and are actively reaching out to them to assess and address the impact."
StreamElements is a popular cloud-based streaming tools platform used primarily by content creators on Twitch and YouTube. It provides a suite for stream overlays, tips/donations, chatbots, activity feeds, merch store integration, stream analytics, loyalty/reward systems, and more.
The platform has partnerships with major gaming brands and is used by many of the top and most watched Twitch streamers, with over one million registered creators.
StreamElement's statement comes after a threat actor using the nickname "victim" claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. The threat actor also shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.
Twitch-focused journalist and streaming commentator Zach Bussey reported that someone linked to the hacking group contacted him and provided evidence that confirmed the data is authentic.
"I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022," explained Bussey on X.
"Seconds later, they provided that information, including my name, address, postal code, phone number, and email."
The same hacker claimed that they breached a StreamElements employee via an information-stealing malware infection, which allowed them to take over an internal account and access the platform's order management system.
The threat actor says they stole data from that system, which consists of user data from 2020 until 2024.
Although these details haven't been officially validated by StreamElements, users registered with the service between these dates are advised to be extra vigilant for potential phishing and scamming attempts.
Earlier today, the platform alerted the community about phishing attacks taking advantage of the security incident to trick recipients with fake "data breach" emails.
As of yet, StreamElements has not started sending data breach notifications to impacted users and noted that an investigation is currently underway.
Notably, the threat actor's post on BreachForums has now been deleted.
[Image: 128.gif]
@Ater  @antisocial My Nigga's
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  SafePay ransomware threatens to leak 3.5TB of Ingram Micro data lulagain 2 219 08-05-2025, 04:00 AM
Last Post: xhuimix
  French telecom giant Orange discloses cyberattack lulagain 1 223 08-04-2025, 09:27 PM
Last Post: evasive
  ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH lulagain 3 332 08-04-2025, 08:25 AM
Last Post: odin6699
  Your 23andMe genetic data could be bought by China, senator warns lulagain 3 351 08-02-2025, 11:34 AM
Last Post: StormyDon
  The GLOBAL GROUP ransomware gang is claiming responsibility for a breach of Albavisió MalWhere77 2 328 07-30-2025, 09:55 PM
Last Post: osamaladen819191

Forum Jump:


 Users browsing this thread: 1 Guest(s)