Cloud-based streaming firm StreamElements confirms it suffered a data breach at a third-party service supplier after a risk actor leaked samples of stolen knowledge on a hacking discussion board.
The platform has reassured customers that the assault did not influence its servers, although older knowledge at a third-party supplier they stopped working with final yr was nonetheless uncovered.
“We lately grew to become conscious of an information security incident involving a third-party service supplier we stopped working with final yr,” the corporate tweeted on X.
“We are able to verify no StreamElements servers have been breached.”
“Whereas this incident didn’t originate inside StreamElements methods, we take the security of our prospects’ knowledge significantly and are actively reaching out to them to evaluate and deal with the influence.”
StreamElements is a well-liked cloud-based streaming instruments platform used primarily by content material creators on Twitch and YouTube. It offers a set for stream overlays, ideas/donations, chatbots, exercise feeds, merch retailer integration, stream analytics, loyalty/reward methods, and extra.
The platform has partnerships with main gaming manufacturers and is utilized by lots of the high and most watched Twitch streamers, with over a million registered creators.
StreamElement’s assertion comes after a risk actor utilizing the nickname “sufferer” claimed to have stolen the info of 210,000 StreamElements prospects on March 20, 2025. The risk actor additionally shared samples of the stolen knowledge, which included full names, addresses, telephone numbers, and e-mail addresses.
Supply: BleepingComputer
Twitch-focused journalist and streaming commentator Zach Bussey reported that somebody linked to the hacking group contacted him and offered proof that confirmed the info is genuine.
“I tried to confirm the legitimacy of the data breach by requesting my very own private particulars from orders positioned in 2021 or 2022,” defined Bussey on X.
“Seconds later, they offered that data, together with my title, deal with, postal code, telephone quantity, and e-mail.”
The identical hacker claimed that they breached a StreamElements worker through an information-stealing malware an infection, which allowed them to take over an inner account and entry the platform’s order administration system.
The risk actor says they stole knowledge from that system, which consists of consumer knowledge from 2020 till 2024.
Though these particulars have not been formally validated by StreamElements, customers registered with the service between these dates are suggested to be further vigilant for potential phishing and scamming makes an attempt.
Earlier at present, the platform alerted the neighborhood about phishing assaults making the most of the security incident to trick recipients with faux “data breach” emails.
As of but, StreamElements has not began sending data breach notifications to impacted customers and famous that an investigation is presently underway.
Notably, the risk actor’s put up on BreachForums has now been deleted.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and easy methods to defend in opposition to them.
