Yesterday, we at Cybersecurity88 reported that StreamElements’ data was being sold on an underground forum, although we couldn’t verify the authenticity of the claim. Today, StreamElements has officially confirmed the data breach.

Background

StreamElements is a popular cloud-based platform designed for streamers, offering a range of tools for content creators on Twitch and YouTube. It includes features like stream overlays, donation systems, chatbots, activity feeds, integration with merchandise stores, stream analytics, loyalty programs, and more.

With partnerships from leading gaming brands, it is popular among top-tier Twitch streamers and has over one million registered users.

What Happened

A threat actor named “victim” claimed to have stolen data from 210,000 StreamElements users on March 20, 2025. The threat actor shared samples of the stolen data, which contains full names, addresses, phone numbers, and email addresses.

                                      StreamElements Data Listed for Sale in a Forum

This data was posted yesterday, and StreamElements announced that the stolen information is older, coming from a third-party provider that StreamElements ceased working with last year. StreamElements has also reaffirmed that their systems remain secure.

Another concerning detail is that affected users received emails containing their PII, with the message claiming to be from the “Diddy Squad.”

                            The alleged email sent to affected users

Conclusion

In conclusion, users should remain vigilant for potential phishing attempts and be cautious of any suspicious communications. If you are among the affected individuals or have a feeling that something isn’t right, it’s strongly recommended to reset your password and monitor your accounts for any unusual activity. Staying alert can help minimize the risk of further security breaches.

Follow us on X and LinkedIn for the latest cybersecurity news.