HQ/EMEAFind out how we can help your business
The cloud-based streaming company StreamElements confirmed that one of its third-party service providers became the subject of a data breach attack. The disclosure comes after a threat actor exposed alleged stolen data samples on a dark web forum.
The site has already notified users that the hack did not affect its servers, but older data from a third-party source with whom they stopped working last year remained exposed.
Still, the company insisted that it takes the security of customers’ data seriously and actively communicates with them to investigate and resolve the issue, even though the problem did not occur within its systems.
StreamElements is a streaming tool platform that provides services to content creators.
StreamElements is a widely used cloud-based streaming tool platform that primarily serves Twitch and YouTube content providers.
The tool became popular among content creators as it offers a range of features, such as stream overlays, tips/donations, chatbots, activity feeds, merch store integration, stream analytics, loyalty/reward systems, and more.
Additionally, the platform collaborates with big gaming businesses and is used by many of the most popular and watched Twitch streams.
However, the company’s revelation of a recent hack comes after a threat actor dubbed “victim” claimed to have stolen the data of 210,000 StreamElements users this month. The threat actor also provided samples of the stolen data, such as full names, addresses, phone numbers, and email addresses, to prove the legitimacy of their claims.
Furthermore, a Twitch-focused journalist and streaming commentator claimed that someone associated with a hacking organisation contacted him and offered proof that confirmed the stolen data’s authenticity.
The alleged hackers immediately provided the purported information, which included my name, residence, postal code, phone number, and email. The same hacker claimed to have compromised a StreamElements employee with an infostealing malware infection, allowing them to take over an internal account and access the platform’s order management system.
The threat actor claims they took data from that system, which included user information from 2020 to 2024.
Although the affected company has not formally verified this information, users registered with the service between the affected dates are encouraged to be cautious of phishing and scam efforts.
