SoundCloud Hacked and Reports Theft of User Data
SoundCloud confirmed attackers breached its user database, affecting approximately 28 million accounts—roughly 20% of the platform's total audience. The extortion group ShinyHunters is behind the attack and is blackmailing the company, threatening to publish the stolen database.
The breach first became apparent when users reported mass inability to access the site through VPNs (SoundCloud has been blocked in China since 2014, in Russia since 2022, and in Venezuela, Kazakhstan, and other countries). Connection attempts returned 403 errors—a side effect of containment measures.
SoundCloud detected unauthorized activity in an auxiliary control panel and launched an incident response.
"To our understanding, a group of malicious actors gained access to some of the private data we store. We have completed the investigation and determined which data was affected. Sensitive information, including financial data and passwords, was not compromised. The leak only affected email addresses and information already available in public SoundCloud profiles," the company stated.
Response Measures
SoundCloud blocked unauthorized access and reported no current risks to the platform. With external cybersecurity experts, the company improved threat monitoring and detection, audited identity and access controls, and checked related systems.
Configuration changes made during the response disrupted VPN connections. SoundCloud didn't specify when VPN access would be fully restored.
Following the breach, SoundCloud faced DDoS attacks that temporarily disrupted access to the web version.
ShinyHunters Connection
While SoundCloud hasn't officially identified the attackers, Bleeping Computer sources confirmed ShinyHunters is behind the incident. The group is blackmailing SoundCloud, threatening to release the stolen database containing user information.
ShinyHunters has conducted multiple high-profile breaches in 2025, including attacks on Mixpanel (affecting PornHub and other services), Oracle E-Business Suite exploitation, and compromises of Salesforce, Drift, and Gainsight platforms.
