top of page
perceptive_background_267k.jpg

Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts

Published:

27 January 2026 at 12:25:00

Alert date:

27 January 2026 at 14:01:20

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Data Breach & Exfiltration, Web Technologies

SoundCloud suffered a significant data breach affecting 29.8 million user accounts. Hackers successfully breached the audio streaming platform's systems and stole personal and contact information belonging to users. The breach has been added to the Have I Been Pwned database for users to check if their accounts were compromised. The incident represents a major security incident for the popular music streaming service, potentially exposing sensitive user data including personal details and contact information of nearly 30 million users.

Technical details

Hackers breached SoundCloud's ancillary service dashboard and accessed personal and contact information from 29.8 million user accounts (approximately 20% of all SoundCloud users). The compromised data included email addresses, geographic locations, names, usernames, profile statistics, avatars, follower and following counts, and in some cases, the user's country. The breach was discovered in December 2024 and confirmed on December 15. No sensitive data such as financial or password data was accessed. The attackers were able to map publicly available SoundCloud profile data to email addresses. Users experienced 403 'Forbidden' errors when connecting via VPN during the incident.

Mitigation steps:

SoundCloud activated incident response procedures after detecting unauthorized activity. Users can check if their accounts were affected using the Have I Been Pwned service. The company completed an investigation and published a security notice. SoundCloud implemented measures to block VPN access during the incident response phase.

Affected products:

SoundCloud audio streaming platform

Related links:

https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/
https://www.bleepingcomputer.com/news/security/ongoing-soundcloud-issue-blocks-vpn-users-with-403-server-error/
https://soundcloud.com/playbook-articles/protecting-our-users-and-our-service
https://haveibeenpwned.com/Breach/SoundCloud
https://www.bleepingcomputer.com/news/security/shinyhunters-claim-to-be-behind-sso-account-data-theft-attacks/
https://www.bleepingcomputer.com/tag/shinyhunters/

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page