Listen to this Post
StreamElements, a popular cloud-based streaming platform, has confirmed it suffered a data breach involving a third-party service provider. This breach exposed sensitive user data, though the company reassured its customers that their own servers were not affected. The breach occurred when a third-party provider, whom StreamElements stopped working with last year, was compromised. The leaked data was later posted on a hacking forum, revealing personal information from over 200,000 users.
StreamElements is well-known for offering streaming tools used by creators on platforms like Twitch and YouTube. These tools include stream overlays, chatbots, donation systems, loyalty/reward systems, and more. Despite this breach, the company emphasized that its own infrastructure was not breached, and only older data from the third-party provider was exposed.
the Incident
On March 20, 2025, a hacker, using the alias “victim,” claimed to have stolen data from 210,000 StreamElements users. The stolen data, which included full names, addresses, phone numbers, and email addresses, was leaked on a hacking forum. StreamElements responded quickly, confirming that its own servers were secure and the data involved came from a provider it ceased working with in 2024.
The hacker also mentioned they gained access to an internal StreamElements account via an employee’s malware infection. Through this, they accessed the company’s order management system, which contained user data from 2020 to 2024. However, StreamElements has not confirmed the hacker’s claims, and investigations into the breach are ongoing.
The leak led to an increase in phishing attempts, with scammers using the breach as an opportunity to trick users into providing personal information through fake emails. As of now, StreamElements has not started notifying affected users but is taking steps to address the incident.
What Undercode Says:
This breach highlights several key issues related to data security, particularly the risks associated with third-party providers. StreamElements’ quick response in reassuring its customers that its servers were not directly impacted is a positive sign of transparency. However, the fact that data was compromised through a third-party provider shows that companies are still vulnerable to risks beyond their immediate control. It also raises questions about the long-term storage of sensitive data and whether it should be managed more carefully by providers once the relationship ends.
Third-party risks have become a major point of concern in the cybersecurity field. When companies rely on external providers to handle data, they are often left vulnerable to incidents like this one, where even old data can be exposed years after the relationship has ended. The breach also highlights the need for more robust security protocols across all layers of an organization’s ecosystem, including employees who might unknowingly contribute to data compromises.
The hacker’s claim of having accessed StreamElements’ internal systems by exploiting an employee’s compromised account shows the increasing sophistication of cyberattacks. Information-stealing malware and credential theft continue to be significant risks. Businesses need to adopt a zero-trust security model to limit the potential damage from compromised accounts and ensure that every access point is secured, regardless of whether it originates internally or externally.
Moreover, the reported phishing attempts underline the importance of consumer awareness in data security. Even after a breach, the tactics used by threat actors to exploit personal information highlight a critical need for users to stay vigilant and exercise caution when responding to unsolicited communications.
Fact Checker Results:
- StreamElements confirmed no breach within their own infrastructure, only through a third-party service provider.
- The hacker’s data claims have been partially verified, as demonstrated by journalist Zach Bussey’s personal data being confirmed.
- Despite the breach, StreamElements is still investigating and has yet to notify affected users.
References:
Reported By: https://www.bleepingcomputer.com/news/security/streamelements-discloses-third-party-data-breach-after-hacker-leaks-data/
Extra Source Hub:
https://www.twitter.com
Wikipedia
Undercode AI
Image Source:
Pexels
Undercode AI DI v2





