StreamElements confirmed a data breach involving a third-party service provider, with a hacker leaking samples of stolen data. The breach did not impact StreamElements’ own servers but exposed older data from a provider the company stopped working with last year. The company assured users that no data from their servers was compromised and they are actively contacting affected users. Although the data did not originate from their systems, StreamElements emphasized the importance of customer data security.
The threat actor, named “victim,” claimed to have stolen data from 210,000 customers.
On March 20, 2025, the hacker leaked samples containing personal information such as full names, phone numbers, addresses, and emails. The breach was verified when journalist Zach Bussey confirmed his personal information was included in the leaked data. StreamElements has yet to officially confirm the data’s authenticity but warned users to stay alert for phishing attempts related to the breach.
The hacker claimed to have breached an internal StreamElements account via an employee’s malware-infected device. The stolen data reportedly includes user information from 2020 to 2024, though this has not been independently verified. StreamElements has urged affected users to be cautious of phishing and scamming attempts following the breach.
The company has not yet issued breach notifications but is investigating the incident.
StreamElements also warned users of phishing campaigns exploiting the data breach, with fake “data breach” emails circulating. Despite the severity of the situation, the platform has not provided detailed information on the scope of the breach. The company continues to assess the impact while prioritizing customer data security. The hacker’s post on BreachForums, where they originally shared the stolen data, has since been deleted.
Reference:
