Skip to content
Data breachContained

Data leak at SoundCloud

In December 2025, music-streaming platform SoundCloud disclosed a breach in which an attacker abused an internal system to map roughly 29.8 million private email addresses to public profile data — about 20% of its users; no passwords or payment data were taken.

Victim
SoundCloud
records
29.8M

On 16 December 2025, SoundCloud — the Berlin-based global music-streaming and audio-sharing platform — disclosed that it had detected unauthorized activity affecting roughly 29.8 million accounts, about 20% of its user base. The company went public after users reported access problems and 403 "Forbidden" errors, notably when connecting through a VPN.

Rather than a break-in to the main user database, the attacker gained access to an internal system and used it to link private email addresses to information already visible on public profiles. The resulting dataset effectively associated each leaked email with a creator identity, making it well suited to targeted phishing, impersonation and extortion. The intrusion has been attributed to the ShinyHunters extortion group, which attempted to extort SoundCloud before leaking the data online in January 2026.

Exposed data categories included:

  • Email addresses
  • Names and usernames / display names
  • Profile avatars
  • Public follower and following counts
  • General geographic location (country, in some cases)

SoundCloud stated that passwords, payment information and private messages were not accessed. The leaked records were indexed by Have I Been Pwned, and the incident has since prompted consumer class-action activity in the United States.

Sources

  1. soundcloud.comhttps://soundcloud.com/playbook-articles/protecting-our-users-and-our-service
  2. haveibeenpwned.comhttps://haveibeenpwned.com/Breach/SoundCloud
  3. techrepublic.comhttps://www.techrepublic.com/article/news-soundcloud-breach-exposes-nearly-30-million-users/
  4. centraleyes.comhttps://www.centraleyes.com/soundcloud-data-breach-nearly-30-million-accounts-confirmed-exposed/

Related incidents

Data breachUnknown

Leak at Europages

On 28 December 2025, a database of 205,403 B2B prospects from European business directory Europages was reported leaked, exposing contact and company-registration details (names, job titles, employers, postal and email addresses, phone numbers, SIRET and VAT identifiers).

Victim
Europages
Records
205.4K
Data breachContained

Leak at HelloWork

In late December 2025, French recruitment platform HelloWork disclosed that data on roughly 2.8 million jobseekers — names, emails and professional-profile details — was scraped from its CV library via a fraudulently used recruiter account and offered for sale online.

Victim
HelloWork
Records
2.8M
Data breachUnknown

Leak at Oui Heberg

On 10 November 2025, French web-hosting and VPS provider OuiHeberg was reported to have leaked customer contact records — names, email addresses, phone numbers and postal addresses — following a security incident affecting its infrastructure.

Victim
Oui Heberg
Data breachUnknown

Leak at MYM

In November 2025, a database of around 5 million records from French adult-content subscription platform MYM was published on a cybercrime forum, exposing creators' and subscribers' names, emails, postal addresses, phone numbers, IP addresses, birthdates and MD5-hashed passwords; the data traces back to a 2021 compromise.

Victim
MYM
Records
5.0M