SoundCloud has confirmed a major data breach affecting almost 30M million user accounts, following unauthorized access detected in December. The incident originated from a compromised ancillary service dashboard, allowing attackers to map publicly visible profile data to private email addresses for roughly 20% of SoundCloud’s user base. The leaked information — later confirmed by Have I Been Pwned — includes email addresses, names, usernames, geographic locations, avatars, and follower statistics. The breach was accompanied by service disruptions, with users reporting access issues and “403 Forbidden” errors, further amplifying visibility and concern.

The attack was attributed to the ShinyHunters extortion group, which attempted to pressure SoundCloud through data leak threats and email flooding campaigns targeting users, employees, and partners. Even though the exposed data was largely derived from public profiles, the ability to correlate it with email addresses significantly increases the risk of phishing, account takeover attempts, and downstream fraud, particularly as ShinyHunters has also been linked to SSO-focused attacks against platforms like Okta, Microsoft, and Google. For a creator-centric platform built on trust and community, the reputational impact is substantial, especially when attackers weaponize “non-sensitive” data at massive scale.

This incident underscores the importance of unified security visibility and response across SaaS platforms. Organizations must correlate activity across public-facing services, internal dashboards, authentication flows, and user behavior in a single platform like NIKSUN to detect abuse earlier, prevent large-scale data correlation attacks, and shut down extortion attempts faster. Fragmented security tooling allows attackers to exploit blind spots — unified, AI-assisted security operations are critical to protecting users and platform trust at scale. Read more about this story on our LinkedIn page