SoundCloud Data Breach Exposes Personal Details of 29.8 Million Users

In December 2025, music streaming platform SoundCloud disclosed a significant data breach affecting approximately 29.8 million user accounts.

The unauthorized access compromised personally identifiable information (PII), including email addresses, usernames, display names, avatars, follower statistics, and geographic location data.

The incident represents one of the most significant music platform breaches in recent years, impacting roughly 20% of SoundCloud’s total user base.

SoundCloud’s security team identified unauthorized activity on its platform during December 2025, prompting an immediate investigation into the scope and nature of the compromise.

The attackers exploited a flaw that let them link public profile information to user email addresses and collect it in bulk.

Following the discovery, SoundCloud initiated incident response procedures and notified affected users of the security incident.

Exposed Data and Attack Methodology

The compromised dataset contained 30 million unique email addresses linked to user accounts, alongside associated profile information.

Specifically, the breach included usernames, display names, avatar images, follower and following counts, and in some cases, user country information.

No passwords or payment details were stolen, but combining emails with profile data increases the risk of phishing and account takeovers.

The attackers demonstrated a systematic approach by accessing and exfiltrating large amounts of publicly available data, suggesting either credential compromise or exploitation of an API vulnerability that permitted unauthorized bulk data extraction.

Following the data exfiltration, the threat actors contacted SoundCloud, demanding financial compensation in exchange for non-disclosure of the stolen dataset.

When SoundCloud declined the extortion demand, the attackers subsequently released the compromised data publicly, increasing exposure risks for affected users.
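
Bulk extraction of the kind described in this section leaves a recognizable trace in API access logs: one client reading many distinct profiles in a short time. The following Python detector is an added example, not SoundCloud's code or data from the incident; the log format, the `/api/profiles/<id>` path, the client keys and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) log format: "<ISO time> <client key> GET <path> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) GET /api/profiles/(?P<uid>\d+) (?P<status>\d{3})$"
)

def find_bulk_enumerators(lines, window=timedelta(minutes=1), max_distinct=5):
    """Return {client: peak count of distinct profiles read inside any window}
    for clients whose peak exceeds max_distinct. Lines must be in time order."""
    recent = defaultdict(deque)  # client -> (time, profile id) pairs still in window
    peak = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "200":
            continue  # count only reads that actually returned a record
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["client"]]
        q.append((ts, m["uid"]))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = len({uid for _, uid in q})
        peak[m["client"]] = max(peak[m["client"]], distinct)
    return {c: n for c, n in peak.items() if n > max_distinct}

def sample_log():
    """Constructed sample data, not real traffic."""
    base = datetime(2025, 12, 1, 12, 0, 0)
    rows = []
    for i in range(8):
        # key-B: 8 distinct profiles in 40 seconds (harvesting pattern)
        rows.append((base + timedelta(seconds=5 * i), "key-B", 1000 + i))
        # key-C: the same 8 profiles, spaced two minutes apart (slow harvesting)
        rows.append((base + timedelta(minutes=2 * i), "key-C", 1000 + i))
        # key-A: an ordinary client re-reading the same two profiles
        rows.append((base + timedelta(seconds=7 * i), "key-A", 42 + i % 2))
    rows.sort()
    return [f"{t.isoformat()} {c} GET /api/profiles/{u} 200" for t, c, u in rows]

if __name__ == "__main__":
    log = sample_log()
    print("1-minute window:", find_bulk_enumerators(log))
    print("1-hour window:  ", find_bulk_enumerators(log, window=timedelta(hours=1)))
```

The one-minute window flags only `key-B`; the one-hour window also flags the slow client `key-C`, which is why detection of this pattern needs more than one time scale.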

Impact and Recommendations

The breach carries significant implications for user privacy and security. Email addresses linked to SoundCloud usernames raise the risk of targeted phishing and social engineering attacks.

Affected users are advised to check for potential exposure using services such as HaveIBeenPwned. Attackers can leverage this data to conduct credential-stuffing attacks on other platforms where users may reuse email addresses.

SoundCloud has advised affected users to monitor their accounts for suspicious activity and implement additional security measures.

Users should enable two-factor authentication (2FA) on their SoundCloud accounts and consider changing passwords on other platforms if they reused credentials.

Organizations with employee accounts should review access logs for unauthorized activity and consider implementing email-based threat-detection policies to identify suspicious account access patterns.
