TZUTC: -0500   
   MSGID: 724.consprcy@1:2320/105 2c4bfd1f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Cloud streaming hoster StreamElements confirms data breach following attack   
      
   Date:   
   Thu, 27 Mar 2025 16:21:00 +0000   
      
   Description:   
   A former third-party lost sensitive data on hundreds of thousands of users    
   and now people are getting phishing emails.   
      
   FULL STORY   
      
   Cloud-based streaming tools provider StreamElements has confirmed suffering a   
   data breach after a hacker compromised one of the companys former third   
   parties.    
      
   We recently became aware of a data security incident involving a third-party   
   service provider we stopped working with last year, the company said in an   
   announcement on X. We can confirm no StreamElements servers have been   
   breached.    
      
   In mid-March 2025, a threat actor with the alias victim opened up a new    
   thread on BreachForums (a popular forum for all things cybercrime) and    
   claimed to have stolen sensitive information belonging to 210,000   
   StreamElements customers. The archives included peoples full names, postal   
   addresses, email addresses, and phone numbers, and their authenticity was   
   confirmed by journalist Zach Bussey, who found his own information in the   
   database.    
      
   Fake updaters   
      
   StreamElements is a cloud-based platform that provides tools for   
   livestreamers, including overlays, alerts, chatbot automation, and tipping   
   services.    
      
   While it claims no foul on its side, and shifts the blame on the unnamed    
   third party, the threat actor says that they actually compromised a   
   StreamElements employee with an infostealer.    
      
   That gave them enough access to exfiltrate the data, with the archives   
   containing information generated between 2020 and 2024.    
      
   While there are not many things a threat actor can do with names, email   
   addresses, and phone numbers, they can still engage in identity theft , or    
   run custom-built phishing campaigns, whose success rate is usually better    
   than generic ones.    
      
   To that end, StreamElements is already warning its customers that phishing   
   emails started going out, tricking people with fake data breach emails.    
      
   Heads up: Scammers are using this 3rd-party breach as bait to send fake data   
   breach emails, a new X post says. These are not from StreamElements.    
      
   Do not open, dont click, just report & delete. The breach is under   
   investigation, and well share updates via official channels when more   
   information is available.    
      
   The company said it started reaching out to affected customers to warn them   
   about the possibility of attack. In the meantime, BleepingComputer reports   
   that the original post on BreachForums has been deleted.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/cloud-streaming-hoster-streamelements-c   
   onfirms-data-breach-following-attack   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426