SoundCloud has confirmed a security incident involving unauthorized access to user data, revealing that hackers exfiltrated email addresses and public profile information from approximately 20% of its user base.
The company disclosed the breach in a transparency blog post on December 15, 2025, emphasizing that no sensitive information like passwords or financial details was compromised. The platform assured users that the issue is fully resolved with no ongoing risks to service availability.
SoundCloud detected suspicious activity in an ancillary service dashboard, triggering immediate incident response protocols. Security teams contained the breach swiftly and enlisted third-party cybersecurity experts for a forensic investigation.
Following containment, the platform faced two distributed denial-of-service (DDoS) attacks that briefly disrupted web access, though mobile and API services remained operational.
A purported threat actor group capitalized on the initial access, but SoundCloud’s probe confirmed the exfiltration was limited. “We are confident that any access to SoundCloud data has been curtailed,” the company stated.
The breach exposed non-sensitive data already visible on public profiles, minimizing potential harm. Here’s a breakdown:
| Aspect | Details |
|---|---|
| Affected Data | Email addresses; public profile information |
| User Impact | ~20% of SoundCloud users |
| Sensitive Data Lost | None (no passwords, financial info) |
| Service Disruption | Temporary web downtime (DDoS-related) |
| Ongoing Risk | None; fully contained |
No credentials or payment details were involved, reducing risks like account takeovers or financial fraud.
In collaboration with experts, SoundCloud bolstered defenses by enhancing monitoring, threat detection, identity access controls, and auditing related systems. These upgrades caused transient VPN connectivity issues for some users, which teams are resolving.
The company prioritizes user privacy, promising ongoing updates. It urges vigilance against phishing, recommending multi-factor authentication (MFA) and monitoring for suspicious emails.
This incident underscores persistent risks to creative platforms, where public data can fuel targeted phishing. As ransomware and supply chain attacks evolve, music streaming services face heightened scrutiny. SoundCloud’s proactive disclosure aligns with best practices from CISA and NIST, potentially averting larger fallout.
Users should watch for phishing lures posing as “SoundCloud alerts” and enable MFA where possible. SoundCloud joins other recently breached platforms, including Spotify rivals, highlighting the need for robust security around ancillary services.
The same purported threat actor group has been linked to other high-profile breaches recently, including a reported incident involving PornHub.
