SoundCloud reports data breach exposing millions of user accounts
Learn More
Audio streaming platform SoundCloud reports a security breach affecting approximately 28 million user accounts, roughly 20% of its global user base.
The incident was detected in mid-December 2025. Hackers gained access to an ancillary service dashboard and stole a database containing user information. The public report followed several days of widespread service disruptions, including VPN connectivity issues that prevented users from accessing the platform through virtual private networks, displaying 403 "forbidden" error messages.
The compromised data includes:
- Email addresses
- Publicly visible profile information (usernames, display names, profile pictures)
SoundCloud claims that the investigation found no evidence of passwords, financial details, payment information, or private user content being accessed during the intrusion.
While SoundCloud has not publicly attributed the breach to a specific threat actor, BleepingComputer received information indicating that the ShinyHunters extortion gang is claiming the attack.
SoundCloud has advised affected users to be careful of phishing attempts and social engineering attacks that may reference their account activity or platform notifications.
Update - as of 29th of January 2026, SoundCloud confirmed a December 2025 data breach affecting approximately 29.8 million accounts. The exposed data included emails, usernames, profile details, and follower counts. Passwords, payment information, and private messages were not accessed.
