StreamElements, a cloud-based streaming company popular among content creators on platforms like Twitch and YouTube, has confirmed a data breach involving a third-party service provider. This revelation comes after a threat actor leaked samples of stolen data on a hacking forum, causing alarm among users of the service.
The company reassured users that its own servers were not compromised in the attack. However, older data from a third-party provider, with whom StreamElements ceased collaboration last year, was exposed. “We recently became aware of a data security incident involving a third-party service provider we stopped working with last year,” the company stated in a post on X.
According to reports, the threat actor, known as ‘victim’, claimed to have stolen data from 210,000 StreamElements customers. The leaked information reportedly includes full names, addresses, phone numbers, and email addresses. A Twitch-focused journalist, Zach Bussey, confirmed the authenticity of the data by requesting his own personal details, which were promptly provided to him.
The hacker claimed to have accessed an internal account through an infected employee’s device, enabling access to the platform’s order management system and user data spanning from 2020 to 2024. While StreamElements has initiated an investigation, it has yet to notify affected users about the breach. The platform also issued a warning regarding phishing attacks that attempt to exploit the recent incident via fake emails.