SoundCloud confirms unauthorized system access and data breach

Date: 2025-12-16

Some 20% of its users had their emails and public information nabbed

Sources claim attack was carried out by ShinyHunters

SoundCloud has confirmed suffering a cyberattack in which it lost sensitive data on about a fifth of its user base.

In a data breach notification posted on its website, SoundCloud said it “recently” detected unauthorized activity in an ancillary service dashboard.

A subsequent investigation discovered that a “threat actor group” accessed certain data, mostly user emails and information otherwise visible on public SoundCloud profiles. The company said the breach affected roughly 20% of its users, which, according to multiple sources, equals roughly 28 million users.

VPN woes

"We understand that a purported threat actor group accessed certain limited data that we hold," the company said.

"We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users."

SoundCloud also brought in a third-party cybersecurity company to assist with the analysis and containment, and said that after the threat had been eliminated, the attackers engaged in multiple denial-of-service attacks. Two of them succeeded in temporarily making SoundCloud unavailable on the web.

There were also issues for users accessing the platform via VPN. As explained by CyberInsider, SoundCloud is accessible globally but faces restrictions in certain regions, which is why a VPN is essential for some users.

Those users were seeing “403 ERROR - The request could not be satisfied” messages when trying to connect this way. At first, users believed this was due to geoblocking or IP filtering changes, but it was later explained that the cause was security hardening measures SoundCloud implemented after the breach.

Although it wasn’t explained in detail, it is possible that the hardening altered filtering rules or Web Application Firewall (WAF) policies. SoundCloud said it was currently working on fixing this problem.

The company did not name the threat actors behind this attack, but the media are reporting that this was the work of ShinyHunters, a ransomware group known for skipping the encryption part and focusing solely on data exfiltration. The group is reportedly now negotiating a ransom payment with SoundCloud, but this information was not confirmed publicly.

