Data leak at SoundCloud
In December 2025, music-streaming platform SoundCloud disclosed a breach in which an attacker abused an internal system to map roughly 29.8 million private email addresses to public profile data — about 20% of its users; no passwords or payment data were taken.
- Victim
- SoundCloud
- records
- 29.8M
On 16 December 2025, SoundCloud — the Berlin-based global music-streaming and audio-sharing platform — disclosed that it had detected unauthorized activity affecting roughly 29.8 million accounts, about 20% of its user base. The company went public after users reported access problems and 403 "Forbidden" errors, notably when connecting through a VPN.
Rather than a break-in to the main user database, the attacker gained access to an internal system and used it to link private email addresses to information already visible on public profiles. The resulting dataset effectively associated each leaked email with a creator identity, making it well suited to targeted phishing, impersonation and extortion. The intrusion has been attributed to the ShinyHunters extortion group, which attempted to extort SoundCloud before leaking the data online in January 2026.
Exposed data categories included:
- Email addresses
- Names and usernames / display names
- Profile avatars
- Public follower and following counts
- General geographic location (country, in some cases)
SoundCloud stated that passwords, payment information and private messages were not accessed. The leaked records were indexed by Have I Been Pwned, and the incident has since prompted consumer class-action activity in the United States.
Sources
- soundcloud.comhttps://soundcloud.com/playbook-articles/protecting-our-users-and-our-service
- haveibeenpwned.comhttps://haveibeenpwned.com/Breach/SoundCloud
- techrepublic.comhttps://www.techrepublic.com/article/news-soundcloud-breach-exposes-nearly-30-million-users/
- centraleyes.comhttps://www.centraleyes.com/soundcloud-data-breach-nearly-30-million-accounts-confirmed-exposed/