Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform’s systems.
SoundCloud was founded in 2007 as an artist-first platform that now provides access to over 400 million tracks from more than 40 million artists worldwide.
The company confirmed the breach on December 15, following widespread reports from users who were unable to access SoundCloud and saw 403 “Forbidden” errors when connecting via VPN.
SoundCloud told BleepingComputer at the time that it had activated its incident response procedures after detecting unauthorized activity involving an ancillary service dashboard.
“We understand that a purported threat actor group accessed certain limited data that we hold,” SoundCloud said. “We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles.”
While SoundCloud didn’t provide further details regarding the incident, BleepingComputer learned that the breach affected 20% of all SoundCloud users, roughly 28 million accounts based on publicly reported user figures (SoundCloud later published a security notice confirming the information provided by BleepingComputer’s sources).
After the breach, BleepingComputer also learned that the ShinyHunters extortion gang was responsible for the attack, with sources saying that the threat group was also attempting to extort SoundCloud. This was confirmed by SoundCloud in a January 15 update, which said the threat actors had “made demands and deployed email flooding tactics to harass users, employees, and partners.”
Although SoundCloud has yet to share how many users’ data was stolen, data breach notification service Have I Been Pwned revealed the extent of the breach on Monday, reporting that it affected 29.8 million accounts whose email addresses, geographic locations, names, usernames, and profile statistics were harvested in the incident.
“In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users,” said data breach notification service Have I Been Pwned.
“The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.”
BleepingComputer reached out to SoundCloud again today with questions about the December incident, but a response was not immediately available.
Last week, ShinyHunters also claimed responsibility for a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, which could enable attackers to breach corporate SaaS platforms and steal data for extortion.
It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.