Audio streaming platform SoundCloud has officially confirmed it was the victim of a security breach. The incident involved unauthorized access to an ancillary service dashboard, enabling purported threat actors to view a database containing user information.
The confirmation follows several days of widespread reports from users who were unable to access the service while using a VPN, a direct consequence of the company's incident response measures.
According to SoundCloud, the investigation concluded that no sensitive data, such as financial details or account passwords, was accessed. The exposure was limited to email addresses and information already available on public user profiles.
However, the announcement said that approximately 20% of SoundCloud's user base may have had their user data stolen – which means the incident potentially impacts up to 28 million accounts.
The ShinyHunters extortion gang has reportedly claimed responsibility for the attack and is now attempting to extort the company. The threat actor is allegedly also extorting Pornhub, possibly due to a database stolen from Mixpanel.
In response to the data breach, SoundCloud activated its incident response procedures, engaged independent cybersecurity experts, and implemented enhanced security measures. These actions included a configuration change that inadvertently caused the VPN access disruption.
“Following the containment, SoundCloud experienced denial of service attacks, two of which were able to temporarily disable our platform's availability on the web only,” the company stated.
SoundCloud has not yet provided a specific timeline for when full VPN connectivity will be restored, but has assured users that all unauthorized access has been blocked.
TechNadu reported in November that the Mixpanel breach exposed limited OpenAI API user analytics data.
The ShinyHunters group is also part of the Scattered LAPSUS$ Hunters collective and has been linked to several major data breaches this year, including the Salesloft Drift attacks and the GainSight breach.