• Home
  • cyber
  • SoundCloud confirms breach after member data stolen, VPN access disrupted
cyber Breach

SoundCloud confirms breach after member data stolen, VPN access disrupted

Dec 16, 2025 2 min read
SoundCloud confirms breach after member data stolen, VPN access disrupted

SoundCloud Confirms Security Breach Impacting 28 Million Users

SoundCloud has confirmed that recent outages and VPN connectivity issues were caused by a security breach in which threat actors stole a database containing user information. The incident, detected over the past four days, led to widespread reports of users encountering 403 "forbidden" errors when accessing the platform via VPN.

In a statement to BleepingComputer, SoundCloud revealed that unauthorized activity was detected in an ancillary service dashboard, prompting the activation of its incident response procedures. While the company acknowledged that a threat actor accessed limited data, it clarified that no sensitive information—such as financial details or passwords—was compromised. The exposed data included only email addresses and publicly visible profile information.

The breach is estimated to affect approximately 20% of SoundCloud’s user base, translating to roughly 28 million accounts based on publicly reported figures. The company stated that all unauthorized access has been blocked and that no ongoing risk to the platform exists.

In response, SoundCloud has implemented additional security measures, including enhanced monitoring, improved threat detection, and a review of identity and access controls. However, a configuration change made during the response disrupted VPN access to the site, with no confirmed timeline for full restoration.

Following the breach, SoundCloud also faced denial-of-service (DoS) attacks that temporarily disabled its web availability. While the company has not identified the threat actor, BleepingComputer sources indicate that the ShinyHunters extortion gang is likely responsible. The group, which also claimed responsibility for a recent PornHub data breach, is reportedly attempting to extort SoundCloud after allegedly stealing user data. Further updates are expected as the investigation continues.

Source: https://www.bleepingcomputer.com/news/security/soundcloud-confirms-breach-after-member-data-stolen-vpn-access-disrupted/

SoundCloud cybersecurity rating report: https://www.rankiteo.com/company/soundcloud

"id": "SOU1765850792",
"linkid": "soundcloud",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '28 million accounts (20% of '
                                              'users)',
                        'industry': 'Technology, Entertainment',
                        'name': 'SoundCloud',
                        'type': 'Audio streaming platform'}],
 'attack_vector': 'Unauthorized access to ancillary service dashboard',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '28 million',
                 'personally_identifiable_information': 'Email addresses',
                 'sensitivity_of_data': 'Low (no financial or password data)',
                 'type_of_data_compromised': 'Email addresses, public profile '
                                             'information'},
 'description': 'SoundCloud confirmed a security breach where threat actors '
                'stole a database containing user information, leading to '
                'outages and VPN connection issues. The breach affected '
                "approximately 20% of SoundCloud's users, with email addresses "
                'and public profile information exposed. The incident was '
                'followed by denial-of-service attacks.',
 'impact': {'data_compromised': 'Email addresses and public profile '
                                'information',
            'downtime': 'Temporary web availability disruption due to DDoS '
                        'attacks',
            'operational_impact': 'VPN access disruption, temporary platform '
                                  'unavailability',
            'systems_affected': 'Ancillary service dashboard, VPN '
                                'connectivity'},
 'initial_access_broker': {'entry_point': 'Ancillary service dashboard'},
 'investigation_status': 'Completed',
 'motivation': 'Extortion',
 'post_incident_analysis': {'corrective_actions': 'Improved monitoring, '
                                                  'reviewed access controls, '
                                                  'system assessment'},
 'references': [{'source': 'BleepingComputer'}],
 'response': {'communication_strategy': 'Public statement to BleepingComputer',
              'containment_measures': 'Blocked unauthorized access, '
                                      'configuration changes',
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'remediation_measures': 'Improved monitoring and threat '
                                      'detection, reviewed identity and access '
                                      'controls, system assessment',
              'third_party_assistance': 'Cybersecurity experts'},
 'threat_actor': 'ShinyHunters',
 'title': 'SoundCloud Security Breach and Data Theft',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.