Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Following threat actors posting samples online, popular cloud-based streaming platform StreamElements has confirmed that it suffered a cyber attack.
StreamElements is a platform that provides streamers with a variety of tools to enhance their streams, such as analytics, overlays, chatbots, the ability for viewers to tip and donate, merch store integration, and more. It is used by the most popular streamers on the Twitch streaming service and has partnerships with a number of gaming companies.
On 24 March, a threat actor by the name of “victim” claimed the breach on a popular hacking forum, saying they had breached StreamElements on 20 March and exfiltrated the data of 210,000 customers.
Data reportedly include names, addresses, phone numbers and email addresses.
StreamElements confirmed the incident, saying that the leak was the result of a third-party data breach of a company they stopped working with in 2024.
“We recently became aware of a data security incident involving a third-party service provider we stopped working with last year,” said StreamElements in a post on X.
“We can confirm no StreamElements servers have been breached.
“While this incident did not originate within StreamElements systems, we take the security of our customers’ data seriously and are actively reaching out to them to assess and address the impact.”
We recently became aware of a data security incident involving a third-party service provider we stopped working with last year.
— StreamElements Support (@StreamElementsS) March 25, 2025
We can confirm no StreamElements servers have been breached.
While this incident did not originate within StreamElements systems, we take the…
As reported by BleepingComputer, Twitch and streaming journalist and commentator Zach Bussey confirmed the data was authentic through communications with someone connected to the threat group.
“I was contacted by someone claiming to be part of the hacker group. I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022,” said Bussey.
“Seconds later, they provided that information, including my name, address, postal code, phone number, and email.
“According to this person, a StreamElements employee fell victim to a malware ‘stealer,’ which compromised their account and granted the group access to StreamElements’ Order Management System sometime in 2023.
“They exported all order data from 2020 to 2024 (up until when StreamElements exited the merch business). I cannot independently verify these claims.”
StreamElements Merch Data Breach Update
— Zach Bussey 🇨🇦 (@zachbussey) March 25, 2025
I was contacted by someone claiming to be part of the hacker group. I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022. Seconds later, they provided that… https://t.co/Fc9v3TZtoM pic.twitter.com/P8PpXa9bn4
As Bussey outlined, the data has not yet been made public. Additionally, the post has been removed from the hacking forum. However, this does not eliminate the chance of data surfacing or threat actors using it for phishing and other scams.
StreamElements has yet to send out breach notifications.
Be the first to hear the latest developments in the cyber industry.
