16.12.2025
2 min
428
Audio streaming platform SoundCloud has confirmed a cybersecurity breach in which threat actors accessed a database containing users’ email addresses and public profile information. The incident also caused service disruptions and VPN connectivity issues.
According to the company, unauthorized activity was detected within an ancillary service dashboard, prompting the activation of incident response procedures. The subsequent investigation determined that the breach was limited in scope and did not expose sensitive data such as passwords or financial information. The compromised data consisted solely of email addresses and information already visible on public SoundCloud profiles.
However, sources estimate that up to 20% of SoundCloud’s user base may have been affected — potentially impacting around 28 million accounts. As part of its security response, SoundCloud implemented configuration changes that temporarily blocked VPN access, resulting in 403 errors for some users.
Following the containment efforts, the platform also experienced denial-of-service attacks that briefly affected website availability. While SoundCloud has not officially named the attackers, sources suggest the extortion group ShinyHunters may be responsible, continuing its pattern of high-profile data theft and extortion campaigns.
Although SoundCloud states that the threat has been fully mitigated and no ongoing risk remains, the breach highlights how auxiliary systems and third-party components can become critical attack vectors. Even limited data exposure can increase the risk of phishing, social engineering, and further exploitation.
