One of the internet’s most popular audio streaming platforms, SoundCloud, has suffered a major data breach impacting nearly 30 million user accounts.
Quick Summary – TLDR:
- 29.8 million SoundCloud user accounts have been exposed in a breach confirmed by the company.
- The hacker group ShinyHunters has claimed responsibility for the attack and has leaked the data.
- Breach stemmed from access to an internal dashboard, allowing email mapping to public profiles.
- No passwords or financial data were stolen, but personal and contact details were leaked.
What Happened?
In December 2025, SoundCloud detected unauthorized activity linked to an internal service dashboard. This access enabled hackers to connect private email addresses to publicly available profile data of users. The platform quickly activated its incident response protocols and confirmed the breach after user reports and VPN access issues began to surface.
The well-known hacker group ShinyHunters later claimed responsibility for the attack, which they followed up with an attempt to extort SoundCloud and harass users through spam and email flooding campaigns.
New breach: SoundCloud had 30M email addresses mapped to public profile data last month including name, username, follower count and in some cases, country. 67% were already in @haveibeenpwned. Read more: https://t.co/D2xhRhcegL
— Have I Been Pwned (@haveibeenpwned) January 27, 2026
ShinyHunters Behind the Attack
The notorious ShinyHunters group, already known for attacks on platforms like Okta and Microsoft, has now taken credit for the SoundCloud breach. In early January 2026, the group leaked the stolen data online through their dark web portal.
The dataset included:
- Email addresses
- Usernames and display names
- Avatars
- Follower and following counts
- In some cases, users’ countries of origin
Cybersecurity watchdogs and data breach notification services, including Have I Been Pwned (HIBP), confirmed the scope of the attack, listing 29.8 million accounts as affected. This represents approximately 20% of SoundCloud’s global user base.
Breach Containment and Response
SoundCloud acted swiftly after detecting the breach. It brought in external cybersecurity experts and implemented a series of changes to harden its infrastructure. The company emphasized that no sensitive user data like passwords or financial information was accessed.
The situation was further complicated by a wave of denial-of-service attacks that followed the incident, temporarily disrupting access to the platform. During this period, many users experienced 403 Forbidden errors, particularly when accessing SoundCloud via VPNs. The platform later confirmed that misconfigured Web Application Firewall settings, deployed during the security upgrades, caused these disruptions.
Data Now Leaked and Shared Online
According to updates from researchers and cybersecurity experts like Alon Gal of Hudson Rock, the SoundCloud dataset has been widely circulated on hacker forums following its initial leak. Alongside breaches of other platforms like Crunchbase and Betterment, the SoundCloud leak forms part of a larger attack wave linked to ShinyHunters.
Despite not containing passwords or payment information, the breach is still significant. Email addresses combined with profile data can be used for targeted phishing attacks, identity theft, or social engineering campaigns.
SQ Magazine Takeaway
Honestly, it’s hard not to be frustrated here. While it’s a relief that passwords and financial data weren’t stolen, leaking 30 million emails and personal profiles is no small issue. SoundCloud did respond quickly, but the fact that a hacker group could exploit internal systems this way is worrying. It’s also a wake-up call for anyone who thinks public profile info isn’t sensitive. Pair that with your email address and suddenly, it’s open season for scammers. Always double-check your online footprint and use security features like multi-factor authentication wherever possible.
