SoundCloud has confirmed a safety incident involving unauthorized entry to consumer information, revealing that hackers exfiltrated e mail addresses and public profile info from roughly 20% of its consumer base.
The corporate disclosed the breach in a transparency weblog submit on December 15, 2025, emphasizing that no delicate info like passwords or monetary particulars was compromised. The platform assured customers that the problem is totally resolved with no ongoing dangers to service availability.
SoundCloud detected suspicious exercise in an ancillary service dashboard, triggering rapid incident response protocols. Safety groups contained the breach swiftly and enlisted third-party cybersecurity specialists for a forensic investigation.
Following containment, the platform confronted two denial-of-service (DDoS) assaults that briefly disrupted internet entry, although cellular and API providers remained operational.
A purported risk actor group capitalized on the preliminary entry, however SoundCloud’s probe confirmed the exfiltration was restricted. “We’re assured that any entry to SoundCloud information has been curtailed,” the corporate acknowledged.
The breach uncovered non-sensitive information already seen on public profiles, minimizing potential hurt. Right here’s a breakdown:
AspectDetailsAffected DataEmail addresses; public profile informationUser Impression~20% of SoundCloud usersSensitive Information LostNone (no passwords, monetary information)Service DisruptionTemporary internet downtime (DDoS-related)Ongoing RiskNone; totally contained
No credentials or fee particulars have been concerned, decreasing dangers like account takeovers or monetary fraud.
In collaboration with specialists, SoundCloud bolstered defenses by enhancing monitoring, risk detection, identification entry controls, and auditing associated methods. These upgrades brought on transient VPN connectivity points for some customers, which groups are resolving.
The corporate prioritizes consumer privateness, promising ongoing updates. It urges vigilance towards phishing, recommending multi-factor authentication (MFA) and monitoring for suspicious emails.
This incident underscores persistent dangers to inventive platforms, the place public information can gasoline focused phishing. As ransomware and provide chain assaults evolve, music streaming providers face heightened scrutiny. SoundCloud’s proactive disclosure aligns with greatest practices from CISA and NIST, doubtlessly averting bigger fallout.
Customers ought to scan for phishing lures claiming “SoundCloud alerts” and allow MFA the place attainable. SoundCloud joins latest breaches at platforms like Spotify rivals, highlighting the necessity for strong ancillary service safety.
This similar group has been linked to different high-profile breaches not too long ago, together with a reported incident involving PornHub.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.
