What Happened
In mid‑December 2025 SoundCloud announced that an unauthorized actor accessed an ancillary service dashboard and harvested data from roughly 20 % of its user base – about 28 million accounts.
Scope of the Leak
The compromised information included:
- 30 million unique email addresses
- Names and usernames
- Profile avatars
- Follower and following counts
- Country information where available
Who Is Responsible
The breach has been linked to the ransomware‑extortion group ShinyHunters. The gang is known for abandoning encryption in favor of pure data theft and has previously targeted services that rely on Okta single‑sign‑on.
How the Attack Was Executed
Attackers exploited an unsecured dashboard in an ancillary service, allowing them to map publicly visible profile data to email addresses. After exfiltrating the data, they attempted to extort SoundCloud before releasing the information publicly.
How to Check If You’re Affected
Visit Have I Been Pwned and search your email address. The site added roughly 29.8 million SoundCloud accounts to its database following the breach.
What You Can Do Now
- Change your SoundCloud password immediately.
- Enable two‑factor authentication (2FA) on your account.
- Review and update security settings on any linked services, especially Okta SSO.
- Monitor your email for phishing attempts that reference the leaked data.
- Consider using a password manager to generate strong, unique passwords.
Long‑Term Recommendations
Businesses should audit third‑party dashboards for unnecessary exposure, enforce least‑privilege access, and regularly rotate credentials. Users are encouraged to stay informed about data‑breach notifications and act quickly.