StreamElements discloses third-party data breach after hacker leaks data

Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum.

The platform has reassured users that the attack didn't impact its servers, though older data at a third-party provider they stopped working with last year was still exposed.

"We recently became aware of a data security incident involving a third-party service provider we stopped working with last year," the company tweeted on X.

"We can confirm no StreamElements servers have been breached."

"While this incident did not originate within StreamElements systems, we take the security of our customers' data seriously and are actively reaching out to them to assess and address the impact."

StreamElements is a popular cloud-based streaming tools platform used primarily by content creators on Twitch and YouTube. It provides a suite for stream overlays, tips/donations, chatbots, activity feeds, merch store integration, stream analytics, loyalty/reward systems, and more.

The platform has partnerships with major gaming brands and is used by many of the top and most watched Twitch streamers, with over one million registered creators.

StreamElement's statement comes after a threat actor using the nickname "victim" claimed to have stolen the data of 210,000 StreamElements customers on March 20, 2025. The threat actor also shared samples of the stolen data, which included full names, addresses, phone numbers, and email addresses.

Twitch-focused journalist and streaming commentator Zach Bussey reported that someone linked to the hacking group contacted him and provided evidence that confirmed the data is authentic.

"I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022," explained Bussey on X.

"Seconds later, they provided that information, including my name, address, postal code, phone number, and email."

The same hacker claimed that they breached a StreamElements employee via an information-stealing malware infection, which allowed them to take over an internal account and access the platform's order management system.

The threat actor says they stole data from that system, which consists of user data from 2020 until 2024.

Although these details haven't been officially validated by StreamElements, users registered with the service between these dates are advised to be extra vigilant for potential phishing and scamming attempts.

Earlier today, the platform alerted the community about phishing attacks taking advantage of the security incident to trick recipients with fake "data breach" emails.

As of yet, StreamElements has not started sending data breach notifications to impacted users and noted that an investigation is currently underway.

Notably, the threat actor's post on BreachForums has now been deleted.