StreamElements blames third party vendor for a major customer data breach

Cloud-based streaming tools provider StreamElements said it suffered a serious cyber security incident that resulted from a security incident at one of its service providers.

 

StreamElements is a leading platform for live streaming on video-based platforms like YouTube, Twitch and Facebook. The platform provides live streamers with tools such as overlays, alerts, chatbots, tipping services and more.

 

In a social media post, StreamElements

it recently became aware of a data security incident involving a third-party service provider the company stopped working with last year. 

 

“We can confirm no StreamElements servers have been breached,” it said. “While this incident did not originate within StreamElements systems, we take the security of our customers’ data seriously and are actively reaching out to them to assess and address the impact.”

 

The company disclosed the data security incident publicly after a threat actor using the moniker “victim” claimed responsibility for the data security incident and listed StreamElements as a victim on the dark web. The threat actor said they were in possession of data of 210,000 StreamElements customers, including their names, addresses, phone numbers, and email addresses.

 

In a post on microblogging platform X, journalist and streaming commentator Zach Bussey said he was contacted by the threat actor who described the chain of events leading up to the cyber security incident.

 

 

“I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022. Seconds later, they provided that information, including my name, address, postal code, phone number, and email.

 

“According to this person, a StreamElements employee fell victim to a malware ’stealer,’ which compromised their account and granted the group access to StreamElements’ Order Management System sometime in 2023. They exported all order data from 2020 to 2024 (up until when StreamElements exited the merch business). I cannot independently verify these claims,” Bussey wrote on X.

 

StreamElements said it is currently investigating the data security incident and will share more information as and when available.