StreamElements reports third-party data breach

StreamElements, a  cloud-based streaming tools platform, is reporting a data breach that occurred at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. 

The breach was publicized after a threat actor using the nickname "victim" claimed to have stolen data belonging to approximately 210,000 StreamElements customers on March 20, 2025. The hacker shared samples of the stolen information, and claims to have stolen personal details including:

• Full names
• Addresses
• Phone numbers
• Email addresses

According to claims made by the threat actor, the breach was executed by infecting a StreamElements employee with information-stealing malware, which subsequently allowed the attackers to take over an internal account and gain access to the platform's order management system. The hacker alleges that they exfiltrated user data spanning from 2020 to 2024 from this system.

Twitch-focused journalist and streaming commentator Zach Bussey reported that someone connected to the hacking group contacted him directly and provided evidence confirming the authenticity of the stolen data. Bussey stated, "I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022. Seconds later, they provided that information, including my name, address, postal code, phone number, and email."

StreamElements has reassured users that its own servers were not compromised in the attack, although older data stored at a third-party provider they stopped working with last year was exposed. The platform has already alerted its community about phishing attacks that are exploiting the security incident by sending fake "data breach" emails to users.