A recent cyberattack on SoundCloud exposed data of millions of users and triggered widespread service issues, including a VPN access shutdown.
Quick Summary – TLDR:
- SoundCloud confirmed a data breach that exposed email addresses and public profile info of around 28 million users.
- The company says no sensitive data like passwords or financial information was stolen.
- VPN access was disabled due to emergency configuration changes, frustrating many users in restricted countries.
- Cyber gang ShinyHunters is reportedly behind the breach, now allegedly extorting SoundCloud.
What Happened?
SoundCloud has officially acknowledged a security breach that impacted 20 percent of its user base, equating to an estimated 28 million accounts. The attack caused several days of outages and cut off access for users connecting through VPNs. The company says the breach was limited in scope and no passwords or financial data were accessed.
🚨 SoundCloud confirms security breach
— BleepingComputer (@BleepinComputer) December 16, 2025
After days of outages and VPN access issues, SoundCloud says a security incident led to the theft of member data. 🧵👇
A Closer Look at the SoundCloud Data Breach
In mid-December 2025, many SoundCloud users began reporting connectivity issues and sudden VPN blocks. Some faced 403 Forbidden errors when trying to access the platform, raising concerns about possible censorship or technical failure.
Soon after, SoundCloud revealed that the issues were tied to a cybersecurity incident. According to their statement shared with BleepingComputer and other outlets, the breach was traced back to unauthorized access via an “ancillary service dashboard.”
What data was compromised?
The company said the attacker accessed:
- Email addresses
- Information already visible on public profiles
SoundCloud reassured users that:
- No passwords or financial data were accessed
- No sensitive personal data was leaked
Despite the limited scope, users were urged to stay alert for phishing scams, since email addresses could be used in targeted attacks.
VPN Access Blocked as Part of Emergency Security Fix
To prevent further damage, SoundCloud made quick configuration changes that unintentionally cut off VPN access entirely. This became a huge issue for users in countries where SoundCloud is blocked or censored, leaving them unable to access their accounts.
SoundCloud confirmed it is working to restore VPN access, but no timeline has been provided yet.
Suspected Group Behind the Attack
While SoundCloud did not name the attackers, BleepingComputer reported a tip pointing to the group ‘ShinyHunters’, a known cyber extortion gang. Sources claim the group is now extorting SoundCloud, having allegedly stolen a full user database.
This raises concerns about whether more user information could be leaked or sold if the extortion demands are not met.
Security Measures Taken
In response to the incident, SoundCloud said it has:
- Blocked all unauthorized access
- Worked with third-party cybersecurity experts
- Increased monitoring and threat detection
- Reviewed identity and access controls
- Assessed its related systems for vulnerabilities
Despite these steps, SoundCloud also suffered two DDoS attacks following the breach. These attacks temporarily disrupted the web version of the platform.
SQ Magazine Takeaway
This SoundCloud breach is a reminder that even big tech platforms are not immune to targeted cyberattacks. I think what’s most frustrating for users is the lack of VPN access, especially in countries where SoundCloud is blocked. For many, that VPN was their only window into the music scene. While it’s good that no passwords or bank data were exposed, the scale of affected users is huge, and the fact that an extortion group is involved adds serious pressure on SoundCloud to handle this carefully. If you’re a user, definitely be extra cautious with suspicious emails in the coming weeks.
