.webp)
Cybercriminal group ShinyHunters linked to breach, risking phishing attacks and data exploitation for millions of users.
One of the largest data breaches in Soundcloud history resulted in the compromise of almost 29.8M user accounts. With Soundcloud, having previously disclosed the incident in December 2025 after an unauthorized activity was detected, Have I Been Pwned reported on the major data breach that influences nearly 29.8 million users as recorded by the service itself.
As users attempted to log into their accounts following the announcement of the data breach they encountered issues with logging into their accounts and receiving multiple 403 Forbidden errors during login attempts if they used a VPN service. Soundcloud stated the security breach involved an “ancillary service dashboard” and that sensitive data such as financial information and passwords were not accessed. The majority of the data accessed in the breach included email addresses and other profile information that has previously been publically visible; only 20% of users were affected by this data breach according to estimates from Soundcloud.
As soon as SoundCloud discovered the hack, it quickly implemented its incident response protocols and contained the unauthorized access. SoundCloud then began working with a separate, independent cybersecurity firm to conduct an investigation into the incident. They also have implemented additional security safeguards since then, such as more restrictive access controls and improved DDoS protections.
Evidence from data obtained through "Have I Been Pwned" indicates that the size of the breach was actually much larger than originally has been disclosed. The information that was exposed includes email addresses, first names, last names, usernames, avatars, follower counts and sometimes-geographic locations of users. While much of this information would be considered to be "publicly available" and pose little risk, the risk associated with the combination of these pieces of information are greater than if they were to stand alone. This presents additional opportunities for hackers to use phishing schemes, spamming and other social engineering tactics.
.webp)
.webp)
