Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. The platform has reassured users that the attack didn't impact its servers, though older data at a third-party provider they stopped working with last year was still exposed. StreamElement's statement comes after a threat actor using the nickname "victim" claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. "We recently became aware of a data security incident involving a third-party service provider we stopped working with last year," the company tweeted on X. Earlier today, the platform alerted the community about phishing attacks taking advantage of the security incident to trick recipients with fake "data breach" emails. The threat actor also shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses. As of yet, StreamElements has not started sending data breach notifications to impacted users and noted that an investigation is currently underway. "I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022," explained Bussey on X. Twitch-focused journalist and streaming commentator Zach Bussey reported that someone linked to the hacking group contacted him and provided evidence that confirmed the data is authentic. The threat actor says they stole data from that system, which consists of user data from 2020 until 2024.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 26 Mar 2025 18:45:17 +0000