StreamElements Data Breach

Summary

StreamElements confirmed a data breach at a third-party service provider impacting 210,000 users. Leaked data includes names, addresses, phone numbers, and email addresses, originating from their order management system between 2020 and 2024. StreamElements urges vigilance against phishing attacks exploiting the breach.


Main Story

Okay, so StreamElements, the platform a lot of streamers rely on? They’ve just confirmed a third-party data breach, and it’s affecting around 210,000 users, give or take. Now, the good news is, StreamElements says their servers are still secure. The breach actually happened at a third-party provider they stopped using last year.

Diving into the Details

Some hacker, going by the name ‘victim’ online, took credit for it over on a hacking forum on March 20th. Apparently, they swiped personal data from all those StreamElements customers and then, to prove it, leaked some samples of what they got. We’re talking full names, addresses, phone numbers, email addresses, the works. It’s a pretty standard MO, sadly.

And get this, Zach Bussey, a journalist who covers streaming, verified the breach. Someone connected to the hacking group reached out, and Bussey asked for his own info from some old orders he made back in 2021 and 2022. Boom, they sent him the correct details. Pretty solid confirmation, wouldn’t you say?

So, How Did This Happen?

Well, the hacker is saying that they got in through a StreamElements employee’s internal account, probably because of some malware infection. That then let them poke around the platform’s order management system and pull user data from way back in 2020 all the way up to 2024. Yeah, that’s a long time.

Hudson Rock, the cybercrime intelligence firm, even chimed in. Apparently, an employee’s computer got hit with Redline Infostealer malware back in July of 2023. That led to the theft of some corporate credentials linked to Gooten.com, a print-on-demand service StreamElements used to use for their merchandise. Talk about a domino effect.

StreamElements’ Response and What You Should Do

StreamElements is saying they’re taking it seriously and doing a full investigation. They’ve also warned everyone about phishing scams that are already popping up. It’s almost predictable, isn’t it? Scammers are sending fake “data breach” emails, trying to trick people. So, heads up, be extra careful about clicking links or opening attachments in emails, especially if you’ve used StreamElements. I mean, it goes without saying, but I’m saying it anyway.

Even though StreamElements hasn’t started sending out official breach notifications yet, if you registered between 2020 and 2024, you need to be on high alert. Seriously, go change your StreamElements password, and if you use that same password anywhere else – which, you really shouldn’t, but I know we all do it – change it there too. And keep a close eye on your bank accounts for anything suspicious. I would even say, maybe set up some fraud alerts on your credit file, just in case.

Looking Ahead

This whole thing just underscores the dangers of third-party vendors, doesn’t it? Even after you stop working with them, they can still cause you headaches. Companies need to make sure their data security measures extend to all their partners and stay vigilant even after those partnerships are over. As of today, March 29, 2025, the investigation is still going on, and StreamElements is promising to share updates as they get them. The original post on that BreachForums site? Gone. So, it looks like at least some action is being taken.

But honestly, doesn’t this make you wonder if any of us are truly safe out there?

3 Comments

  1. Given the malware’s infiltration via an employee’s computer, what measures can companies implement to enhance internal cybersecurity training and prevent similar credential compromises, particularly when using third-party services?

    • That’s a great point about internal cybersecurity training! Focusing on real-world phishing examples and simulated attacks could significantly reduce vulnerability. Do you think more emphasis should be placed on the potential risks associated with third-party service access during these training sessions?

      Editor: StorageTech.News


  2. The Redline Infostealer malware infiltration highlights the persistent threat of credential theft. Beyond password changes, what strategies can individuals employ to proactively monitor and protect their online identities from similar breaches and misuse of personal data?
