Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
ENG
ENG
%402x.svg){kind=icon}
.webp)
SoundCloud, one of the most popular audio streaming platforms in the world, has confirmed that it was the victim of a cyberattack that caused unauthorized access to data from a relevant part of its users. The incident, detected in an internal system, could have affected approximately 20% of registered accounts, also causing service interruptions and access problems for some users.
Although the company has assured that no passwords or financial data have been compromised, the breach has generated concern among creators and listeners, especially because of the increased risks of phishing and digital fraud following such incidents.
SoundCloud detected suspicious activity in one of its internal systems, leading the company to immediately activate its incident response protocols and collaborate with external cybersecurity experts. As a result of this unauthorized access, attackers were able to obtain email addresses and public profile data from a part of the users.
The company has confirmed that no sensitive data, such as passwords, banking information or payment details, were affected. After identifying the source of the problem, SoundCloud claimed to have solved the vulnerability and reinforced its systems to prevent new unauthorized access.
After the incident was detected, SoundCloud experienced temporary service interruptions, resulting from several denial of service (DoS) attacks that affected access to the platform. In addition, some users reported difficulties connecting when using VPNs, as a result of additional security measures implemented after the attack.
Although SoundCloud has not officially attributed the breach to any specific actor, specialized media point to the cyberextortion group ShinyHunters as possibly responsible. This group has previously been linked to massive data breaches and extortion campaigns aimed at large technological platforms.
The SoundCloud incident highlights growing cybersecurity challenges on streaming platforms, which manage millions of accounts and large volumes of personal data. Although no passwords or financial information were compromised in this case, the exposure of emails can facilitate targeted phishing campaigns, especially against content creators and users with a public presence.
In addition, this type of attack reinforces the need for technological platforms to regularly audit their internal systems, reinforce their prevention measures and communicate with transparency when a security breach occurs. For users, the case serves as a reminder of the importance of adopting good digital security practices.
In the face of such incidents, SoundCloud recommends that its users:
Cases like this demonstrate how a security breach can affect millions of users in a matter of hours. Understanding these incidents is the first step in reducing risks and better protecting your digital information.