SoundCloud has disclosed a data breach affecting approximately 20% of its users, confirming that attackers accessed email addresses and public profile data following unauthorized activity in one of its service dashboards.
The incident, now contained, coincided with widespread VPN access disruptions and denial-of-service attacks that temporarily impacted the platform's availability.
According to the company's official statement released yesterday, the breach was identified after internal systems detected suspicious activity involving an ancillary dashboard. SoundCloud says it immediately activated its incident response protocols, isolated the affected systems, and enlisted third-party cybersecurity experts to assist in a thorough investigation. The company emphasized that no sensitive data, such as passwords, financial information, or private user content, was exposed in the incident.
The impacted data set includes user email addresses and profile information that is already publicly viewable on the platform. Based on SoundCloud's user estimates, the breach could affect around 28 million accounts. The company says there is no ongoing risk and that all unauthorized access has been blocked.
Following containment of the breach, SoundCloud was hit by multiple denial-of-service attacks, two of which successfully disrupted web-based access to the platform for a short period. While the company did not directly attribute these attacks to the same actors, the timing suggests a coordinated effort to impair platform functionality during the recovery process.
Founded in Berlin, SoundCloud is a major audio distribution platform widely used by independent musicians, podcasters, and content creators. The platform is accessible globally but faces restrictions in some regions, making VPN use essential for users in those countries. Starting this weekend, reports began to surface of SoundCloud returning “403 ERROR – The request could not be satisfied” messages to users connecting via VPNs. This error, served through Amazon CloudFront, was initially interpreted by users as a possible geoblocking or IP filtering change.
SoundCloud later clarified that the VPN access issue was not intentional but stemmed from configuration changes made as part of its security hardening measures after the breach. The adjustments, which likely involved more aggressive filtering rules or Web Application Firewall (WAF) policies, inadvertently blocked access for some users relying on VPN or proxy services. The company says it is working to resolve these connectivity problems.
Although SoundCloud did not identify those responsible for the intrusion, BleepingComputer reported that the notorious data extortion group ShinyHunters is behind the attack, citing a tip from an unnamed source.
Leave a Reply