"Reports indicate that the music streaming platform suffered a major data breach, exposing information tied to nearly 30 million users. The incident, first detected in December 2025, reportedly enabled attackers to link private email addresses with public profile details, such as usernames and follower counts. While SoundCloud passwords, payment data, and private messages were not included in the breach, the exposure still poses risks. Cybersecurity experts warn that it can increase phishing, impersonation, and targeted scams for both everyday listeners and creators."
"According to Centraleyes, the breach didn't involve a direct break-in to SoundCloud's main user database. Instead, attackers allegedly gained access to an internal system and used it to connect private email addresses with public profile information. This allowed them to build a large dataset linking user identities and contact details at scale," Centraleyes noted. The breach later appeared in Have I Been Pwned, which listed approximately 29.8 million affected accounts and confirmed the incident was added to its database in January 2026."
SoundCloud detected unauthorized activity in December 2025 that enabled attackers to map private email addresses to public profile information at scale. Attackers accessed an internal system rather than the main user database and used it to connect private emails with names, usernames, avatars, follower and following counts, and sometimes geographic locations. Have I Been Pwned added approximately 29.8 million affected accounts to its database in January 2026. The attackers allegedly attempted to extort SoundCloud before publicly releasing the dataset. Passwords, payment information, and private messages were not included in the breach. The exposure increases risks of phishing, impersonation, and targeted scams for listeners and creators.
Read at TechRepublic
Unable to calculate read time
Collection
[
|
...
]