Cloud streaming hoster StreamElements confirms data breach following attack

Date:
Thu, 27 Mar 2025 16:21:00 +0000

Description:
A former third-party lost sensitive data on hundreds of thousands of users
and now people are getting phishing emails.

FULL STORY

Cloud-based streaming tools provider StreamElements has confirmed suffering a data breach after a hacker compromised one of the companys former third parties.

We recently became aware of a data security incident involving a third-party service provider we stopped working with last year, the company said in an announcement on X. We can confirm no StreamElements servers have been
breached.

In mid-March 2025, a threat actor with the alias victim opened up a new
thread on BreachForums (a popular forum for all things cybercrime) and
claimed to have stolen sensitive information belonging to 210,000 StreamElements customers. The archives included peoples full names, postal addresses, email addresses, and phone numbers, and their authenticity was confirmed by journalist Zach Bussey, who found his own information in the database.

Fake updaters

StreamElements is a cloud-based platform that provides tools for
livestreamers, including overlays, alerts, chatbot automation, and tipping services.

While it claims no foul on its side, and shifts the blame on the unnamed
third party, the threat actor says that they actually compromised a StreamElements employee with an infostealer.

That gave them enough access to exfiltrate the data, with the archives containing information generated between 2020 and 2024.

While there are not many things a threat actor can do with names, email addresses, and phone numbers, they can still engage in identity theft , or
run custom-built phishing campaigns, whose success rate is usually better
than generic ones.

To that end, StreamElements is already warning its customers that phishing emails started going out, tricking people with fake data breach emails.

Heads up: Scammers are using this 3rd-party breach as bait to send fake data breach emails, a new X post says. These are not from StreamElements.

Do not open, dont click, just report & delete. The breach is under investigation, and well share updates via official channels when more information is available.

The company said it started reaching out to affected customers to warn them about the possibility of attack. In the meantime, BleepingComputer reports
that the original post on BreachForums has been deleted.

Via BleepingComputer

======================================================================
Link to news story: https://www.techradar.com/pro/security/cloud-streaming-hoster-streamelements-c onfirms-data-breach-following-attack

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)