""SoundCloud recently detected unauthorized activity in an ancillary service dashboard," opens a Monday post from the company. "Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response." Not long after SoundCloud and its hired help contained the incident, the site became the subject of multiple denial of service attacks."
"SoundCloud repelled the DDOS attacks, investigated the matter and learned "a purported threat actor group accessed certain limited data that we hold." SoundCloud says none of the data was sensitive - which it defines as financial or password data - and that attackers were able to access "only ... email addresses and information already visible on public SoundCloud profiles." The company also said the incident only impacted 20 percent of users."
"SoundCloud's post contains some clues about the incident, in the form of info about its remediation efforts, which include "enhancing our monitoring and threat-detection, reviewing and reinforcing identity and access controls and conducting a comprehensive audit of related systems." That suggests the threat actor may have accessed SoundCloud systems - perhaps through the "ancillary service dashboard" - and rummaged through a trove of data that's also present in users' public profiles, an outcome that's consistent with the many warnings The Register has reported regarding cr"
SoundCloud detected unauthorized activity in an ancillary service dashboard and immediately activated incident response protocols, containing the activity and engaging third-party cybersecurity experts. Shortly after containment, the platform experienced multiple denial-of-service attacks that temporarily disabled web availability. Investigation found a purported threat actor accessed limited, non-sensitive data, primarily email addresses and information already visible on public profiles, affecting about 20 percent of users. SoundCloud repelled the DDoS attacks and implemented remediation measures including enhanced monitoring and threat-detection, reviewed identity and access controls, and a comprehensive audit of related systems. Estimated user figures imply millions of affected accounts.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]