SoundCloud Confirms Data Breach
[image: 1765849944127-5166b650-49c4-4f71-8918-0cf58ec38651-image.png]
SoundCloud has confirmed a security breach after users reported widespread outages and 403 errors when accessing the platform through VPNs. According to the company, the issues were caused by its incident response after detecting unauthorized access to an ancillary service dashboard.
SoundCloud stated that a threat actor accessed a limited database containing user email addresses and information already visible on public profiles. The company said no passwords, financial data, or other sensitive information were exposed.
Sources cited by BleepingComputer estimate the breach impacts roughly 20 percent of SoundCloud’s user base, potentially affecting around 28 million accounts. SoundCloud says all unauthorized access has been blocked and that there is no ongoing risk.
As part of its response, SoundCloud implemented security configuration changes that disrupted VPN connectivity. The company has not provided a timeline for restoring full VPN access. It also reported experiencing denial-of-service attacks following the incident, briefly affecting site availability.
While SoundCloud has not named the attackers, BleepingComputer reports that the ShinyHunters extortion group is allegedly behind the breach and is attempting to extort the company after stealing user data.
Sources:
https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/
https://cyberinsider.com/soundcloud-users-with-active-vpn-connections-are-getting-403-errors/
