SoundCloud has confirmed that it recently dealt with a security incident that resulted in limited user data being accessed and temporary service disruptions. The company said the issue has now been resolved and there is no ongoing risk to the security or availability of the platform.
In an official blog post, SoundCloud stated that it detected unauthorized activity in an ancillary service dashboard, following which it immediately activated its incident response protocols. The company also brought in third-party cybersecurity experts to assist with the investigation and containment.
According to the company, the threat actor accessed limited data, which included email addresses and information already visible on public SoundCloud profiles. The company clarified that no sensitive data, such as passwords, financial details, or private content, was accessed. The incident is estimated to have affected around 20 percent of SoundCloud’s users.
Also Read: Best Music Streaming Apps for iPhone
SoundCloud said it has completed its investigation and is confident that all unauthorized access has been fully blocked. The company also confirmed that there is no ongoing threat to user accounts or platform operations.
Following the containment of the breach, SoundCloud experienced denial-of-service attacks, two of which temporarily affected the availability of the platform on the web. These attacks were addressed, and normal service has since been restored.
As part of its response, SoundCloud implemented additional security measures, including improved monitoring, stronger threat detection, and a review of identity and access controls. However, some of these configuration changes led to temporary connectivity issues for users accessing SoundCloud via VPNs. The company acknowledged the issue and said it is actively working to resolve VPN-related access problems.
While SoundCloud did not name the group behind the breach, cybersecurity outlets reported that the ShinyHunters extortion gang is being linked to the incident. According to these reports, sources claim that the group is attempting to extort the company after allegedly stealing the database. SoundCloud has not confirmed these claims publicly. The company said its focus remains on strengthening security and preventing similar incidents in the future.
The platform also advised users to follow general online security best practices, remain alert to phishing attempts, and stay informed through official updates.
