- StreamElements confirmed a data breach happening at a former third-party
- Hundreds of thousands of customers lost sensitive information
- Hackers are already using the data to send phishing emails
Cloud-based streaming tools provider StreamElements has confirmed suffering a data breach after a hacker compromised one of the company’s former third parties.
“We recently became aware of a data security incident involving a third-party service provider we stopped working with last year,” the company said in an announcement on X. “We can confirm no StreamElements servers have been breached.”
In mid-March 2025, a threat actor with the alias “victim” opened up a new thread on BreachForums (a popular forum for all things cybercrime) and claimed to have stolen sensitive information belonging to 210,000 StreamElements customers. The archives included people’s full names, postal addresses, email addresses, and phone numbers, and their authenticity was confirmed by journalist Zach Bussey, who found his own information in the database.
Fake updaters
StreamElements is a cloud-based platform that provides tools for livestreamers, including overlays, alerts, chatbot automation, and tipping services.
While it claims no foul on its side, and shifts the blame on the unnamed third party, the threat actor says that they actually compromised a StreamElements employee with an infostealer.
That gave them enough access to exfiltrate the data, with the archives containing information generated between 2020 and 2024.
While there are not many things a threat actor can do with names, email addresses, and phone numbers, they can still engage in identity theft, or run custom-built phishing campaigns, whose success rate is usually better than generic ones.
To that end, StreamElements is already warning its customers that phishing emails started going out, tricking people with fake “data breach” emails.
“Heads up: Scammers are using this 3rd-party breach as bait to send fake “data breach” emails,” a new X post says. “These are not from StreamElements.
Do not open, don’t click, just report & delete. The breach is under investigation, and we’ll share updates via official channels when more information is available.”
The company said it started reaching out to affected customers to warn them about the possibility of attack. In the meantime, BleepingComputer reports that the original post on BreachForums has been deleted.
Via BleepingComputer
You might also like
- Oracle denies data breach after hacker claims to hold six million records
- We've rounded up the best password managers
- Take a look at our guide to the best authenticator app
