SoundCloud Data Breach Exposes Millions as Hackers Steal User Emails

The streaming platform SoundCloud has confirmed that recent outages and problems accessing the service via VPN were the result of a security incident: attackers exfiltrated a database containing users’ email addresses and profile information. Over the past four days, users had complained that the site failed to load when connected through a VPN, returning a 403 Forbidden error.

The company stated that it detected unauthorized activity linked to the administrative panel of an auxiliary service, after which it initiated its incident response procedures. SoundCloud acknowledged that the attacker gained access to a portion of its data, but emphasized that the breach was limited in scope. According to the company, no sensitive information such as financial details or passwords was compromised; the stolen dataset consisted solely of email addresses and information already visible on public SoundCloud profiles.

According to BleepingComputer, the incident affected roughly 20 percent of SoundCloud’s user base, which—given publicly cited audience figures—could translate to approximately 28 million accounts. SoundCloud said it is confident that all unauthorized access to its systems has now been blocked and that there is no ongoing risk to the platform.

The company also reported that, working alongside external cybersecurity experts, it has strengthened its defenses by enhancing monitoring and threat detection, revising access controls, and assessing related systems. However, one configuration change made as part of the incident response disrupted VPN access, and SoundCloud has not yet provided a timeline for full restoration.

In the aftermath of the breach, SoundCloud was also hit by DDoS attacks that temporarily affected the availability of the platform’s web interface. Following publication of the initial reports, SoundCloud issued a separate security notice detailing these developments.

SoundCloud has not disclosed who was behind the breach. BleepingComputer, however, reports receiving a tip suggesting that the data theft may be linked to the ShinyHunters extortion group, which is allegedly attempting to blackmail SoundCloud. The report also notes that ShinyHunters has previously been associated with the PornHub incident.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy