National News
SoundCloud data breach hits 29.8 million users in major cyberattack
NEWNow you can take heed to Fox Information articles!
Hackers have uncovered private and speak to info related to SoundCloud accounts, with information breach notification service Have I Been Pwned reporting the influence to round 29.8 million customers. The breach affected one of many world’s largest audio platforms and left many customers with out error messages earlier than the corporate confirmed the incident.
Based in 2007, SoundCloud grew into an artist-first service with greater than 400 million songs from greater than 40 million creators. That scale made this incident significantly worrying. SoundCloud mentioned it detected unauthorized exercise associated to an inside service dashboard and launched its incident response course of. On the time, customers reported 403 banned errors, primarily when connecting by way of VPNs.
Join my FREE CyberGuy ReportGet my prime tech suggestions, pressing safety alerts, and unique provides straight to your inbox. Plus, you may get instantaneous entry to my Final Rip-off Survival Information – free whenever you be part of my CYBERGUY.COM publication
149 MILLION PASSWORDS EXPOSED IN MAJOR CREDENTIAL LEAK
SoundCloud confirmed unauthorized exercise after customers reported entry errors, prompting an inside incident response. (iStock)
What information was uncovered through the SoundCloud breach
SoundCloud initially mentioned attackers had entry to restricted information and didn’t contact passwords or monetary info. The corporate mentioned the data launched matched what customers already present publicly on profiles.
Later revelations painted a a lot greater image.
Based on Have I Been Pwned, attackers have collected information from roughly 29.8 million accounts. That information consists of:
- E mail addresses
- Usernames and show names
- Profile photos and avatars
- Follower and following counts
- Geographic areas, in some instances
Though no passwords had been used, linking emails to public profiles carries an actual threat. That mixture fuels phishing, impersonation and focused scams.
Who’s behind the assault?
Safety researchers linked the breach to ShinyHunters, a recognized extortion gang. Sources instructed BleepingComputer that the group tried to extort SoundCloud after the info breach. SoundCloud later confirmed these claims. In a January replace, the corporate mentioned attackers had been making calls for and launching campaigns to harass customers, staff and companions. ShinyHunters has additionally claimed duty for latest voice phishing assaults focusing on single sign-on techniques at Okta, Microsoft and Google. These assaults focused firms’ SaaS accounts to steal and extort information.
Why this breach issues even with out passwords
At first look, this may increasingly sound much less severe than password or bank card breaches. That assumption may be harmful. E mail addresses linked to actual profiles permit scammers to write down persuasive messages. They’ll pose as SoundCloud, manufacturers, and even different creators. The variety of followers and usernames make posts really feel private and credible. As soon as attackers achieve belief, they push hyperlinks, malware or pretend login pages. That is typically how bigger account takeovers start.
What SoundCloud customers can count on subsequent
SoundCloud has not mentioned whether or not extra particulars will probably be launched. The corporate confirmed the assault and extortion try, however didn’t reply follow-up questions on its scope or inside controls. For customers, the long-term threat comes from the widespread distribution of this dataset. As soon as printed, uncovered information not often disappears. It has been circulating on boards, marketplaces and rip-off networks for years.
We reached out to SoundCloud for remark and a consultant instructed us: “We’re conscious {that a} group of menace actors has printed information on-line purporting to originate from our group. Please notice that our safety workforce, supported by main third-party cybersecurity consultants, is actively reviewing the declare and printed information.”
SoundCloud has mentioned it has discovered no proof that delicate information, akin to passwords or monetary info, was accessed.
Methods to remain protected after the SoundCloud breach
In case you have or had a SoundCloud account, now’s the time to take motion. Even restricted publicity to information can result in focused scams in the event you ignore it.
1) Concentrate on phishing and impersonation emails
Scammers typically act shortly after a breach. Monitor your inbox for messages mentioning SoundCloud, music uploads, copyright points, or account warnings. Do not click on hyperlinks or open attachments from sudden emails. When unsure, go on to the official web site as a substitute of utilizing e mail hyperlinks. Robust antivirus software program provides an additional layer of safety right here.
Almost 29.8 million accounts had emails and public profile information collected, elevating considerations about phishing and impersonation. (Cyberguy.com)
The easiest way to guard your self from malicious hyperlinks that set up malware and doubtlessly achieve entry to your personal information is to put in highly effective antivirus software program on all of your units. This safety may also provide you with a warning to phishing emails and ransomware assaults, holding your private information and digital property protected.
Uncover my picks for the perfect antivirus safety winners of 2026 on your Home windows, Mac, Android, and iOS units at Cyberguy.com
2) Change your SoundCloud password anyway
Passwords have not been made public, however altering them remains to be sensible. Create a brand new password that you do not use anyplace else. If remembering passwords appears unimaginable, think about using a password supervisor to generate and securely retailer sturdy passwords. This reduces the chance of reuse throughout platforms.
Then see in case your e mail has been uncovered in earlier breaches. Our #1 password supervisor (see Cyberguy.com) decide features a built-in breach scanner that checks to see in case your e mail tackle or passwords have appeared in recognized leaks. For those who uncover a match, instantly change reused passwords and safe these accounts with new, distinctive login credentials.
See the perfect expert-reviewed password managers of 2026 at Cyberguy.com
3) Allow two-factor authentication
Two-factor authentication (2FA) is a vital barrier if somebody tries to entry your account. Even when attackers later guess or receive a password, they nonetheless want a second verification step. Allow 2FA the place SoundCloud or affiliated companies supply it.
4) Lock your e mail account
Your e mail is the true goal after most breaches. If somebody positive factors entry to it, she or he can reset passwords anyplace else. Use a powerful, distinctive password on your e mail account and allow two-factor authentication. Verify restoration emails and cellphone numbers to verify they’re nonetheless yours.
DATA BREACH EXPOSES THE INFORMATION OF 400,000 BANKING CUSTOMERS
5) Cut back your on-line information footprint
Attackers use hacked emails to crawl information dealer websites and social platforms for extra particulars. The much less information accessible, the tougher it’s to focus on. Think about a knowledge deletion service to restrict how typically your e mail and private info seems on the Web.
Whereas no service can assure the entire deletion of your information from the Web, a knowledge deletion service is really a sensible alternative. They don’t seem to be low cost, and neither is your privateness. These companies do all of the give you the results you want by actively monitoring and systematically eradicating your private information from a whole lot of internet sites. It offers me peace of thoughts and has confirmed to be the best approach to erase your private information from the web. By limiting the data accessible, you cut back the chance of scammers evaluating information from breaches to info they’ll discover on the darkish internet, making it tougher for them to focus on you.
Try my prime picks for information deletion companies and get a free scan to search out out in case your private information is already on the web. Go to Cyberguy.com
Get a free scan to search out out in case your private info is already on the web: Cyberguy.com
6) Verify your different accounts for suspicious exercise
Attackers typically reuse uncovered e mail addresses to check logins to streaming companies, social media, and retail accounts. Be looking out for password reset emails you did not request or login alerts from unknown areas. If one thing is unsuitable, act shortly.
Safety researchers linked the breach to the extortion group ShinyHunters, which later tried to stress SoundCloud for fee. (Thomas Trutschel/Photothek by way of Getty Photographs)
Kurt’s most essential insights
Information breaches are now not restricted to at least one app or one second in time. Even when attackers launch info that appears harmless, the implications can final for much longer. The SoundCloud breach reveals how public profile information mixed with personal contact info creates actual fame. Staying alert, limiting information sharing, and practising sturdy safety habits stay your finest protection as breaches proceed to escalate.
Have you ever checked which previous or forgotten accounts are nonetheless exposing your e mail and presently placing you in danger? Tell us your ideas by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Join my FREE CyberGuy Report Get my prime tech suggestions, pressing safety alerts, and unique provides straight to your inbox. Plus, you may get instantaneous entry to my Final Rip-off Survival Information – free whenever you be part of my CYBERGUY.COM publication
Copyright 2026 CyberGuy.com. All rights reserved.