In the event you’ve ever had a SoundCloud account, now could be an excellent time to double-check your safety settings.
Studies point out that the music streaming platform suffered a serious information breach, exposing info tied to just about 30 million customers. The incident, first detected in December 2025, reportedly enabled attackers to hyperlink personal electronic mail addresses with public profile particulars, corresponding to usernames and follower counts.
Whereas SoundCloud passwords, cost information, and personal messages weren’t included within the breach, the publicity nonetheless poses dangers. Cybersecurity specialists warn that it may possibly enhance phishing, impersonation, and focused scams for each on a regular basis listeners and creators.
What occurred within the SoundCloud breach
SoundCloud was reported to have found unauthorized exercise in December 2025 that enabled attackers to map personal electronic mail addresses to public profile info at scale.
In accordance with Centraleyes, the breach didn’t contain a direct break-in to SoundCloud’s predominant person database. As a substitute, attackers allegedly gained entry to an inner system and used it to attach personal electronic mail addresses with public profile info. This allowed them to construct a big dataset linking person identities and phone particulars at scale,” Centraleyes famous.
The breach later appeared in Have I Been Pwned, which listed roughly 29.8 million affected accounts and confirmed the incident was added to its database in January 2026.
What info was uncovered
In accordance with Have I Been Pwned, the compromised dataset included distinctive electronic mail addresses and publicly accessible profile info.
The uncovered information included names, usernames, avatars, follower and following counts, and in some instances, geographic location particulars. After allegedly making an attempt to extort SoundCloud, the attackers publicly launched the information the next month.
Have I Been Pwned famous that passwords, cost info, and personal messages weren’t a part of the breach? That reduces the probability of direct account takeover on SoundCloud itself, however the privateness influence continues to be important.
Centraleyes additionally emphasised that linking electronic mail addresses with profile identities could make it simpler for attackers to craft convincing phishing emails that seem respectable. “This will have an effect on different companies you employ, particularly in the event you reuse passwords,” Centraleyes added.
What customers ought to know
Even when passwords will not be uncovered, breaches involving electronic mail addresses can nonetheless create safety issues. Attackers usually use leaked emails to launch phishing campaigns or check credentials throughout different platforms the place individuals could reuse passwords.
This sort of publicity additionally makes it simpler for scammers to ship convincing messages that seem tied to your SoundCloud id, particularly for artists, podcasters, and creators with public audiences.
Have I Been Pwned advisable that customers change reused passwords instantly and allow two-factor authentication wherever attainable. Customers can even test if their electronic mail has been compromised in an information breach by looking out the Have I Been Pwned web site.
Additional studying: Wish to keep away from an information breach? Study successfully handle an information breach with our in-depth information.
