Audio streaming giant SoundCloud announced on Monday that it has become the target of a security breach in which hackers managed to access limited user data. This news follows a period of service issues that left many users unable to access the platform, particularly those using it via VPNs.
User Data Compromised
SoundCloud has confirmed that the unauthorised activity was discovered in an “internal service system dashboard,” which is basically a supporting component. The company quickly shut down the access and immediately hired a leading third-party cybersecurity firm to assist with the investigation and response.
According to reports, the breach affected an estimated 20% of their community, which could be millions of accounts (approx. 28 million), given the platform’s large global network and reach.
The data possibly accessed included user email addresses and information that was already visible on users’ public SoundCloud profiles. However, SoundCloud has emphasised that no sensitive financial data, passwords, or payment details were stolen. The company stated they are confident that all unauthorised access to their data has been shut down.
“SoundCloud recently detected unauthorised activity in an ancillary service dashboard. Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity,” SoundCloud’s official statement reads.
What we’ve learned so far is that the notorious cyber extortion group ShinyHunters is reportedly responsible for the attack, as per Bleeping Computer’s source. While SoundCloud has not officially named the attackers and referred to them as a “purported threat actor group,” media reports suggest ShinyHunters is pressuring the company to pay them for not leaking the stolen data.
“We understand that a purported threat actor group accessed certain limited data that we hold. We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed,” the company stated.
Disruption and Follow-Up Attacks
Before the breach was made public, many users, especially those in countries like Russia, mainland China, and Turkey, where the service is blocked and requires a VPN for access, reported connection failures and “403 Error” messages.
SoundCloud clarified in a post on X (formerly Twitter) that these temporary issues were an unfortunate side effect of their immediate security response, as they implemented new configuration changes to strengthen their systems. The company is actively working to resolve these access problems.
Following the initial containment of the breach, the platform faced multiple denial-of-service (DoS) attacks. For your information, a DoS attack is when a system is flooded with so much traffic that it is overwhelmed and temporarily goes offline, making the service unavailable for normal users.
SoundCloud states that two of these attacks managed to temporarily disrupt web access, though the platform remains available via its apps and website now. The audio giant is recommending that all users remain alert about possible phishing attempts, as these often follow data breaches. Also, changing your passwords and enabling two-factor authentication is a great idea for added security.