Cyber Daily Report

News

Home News

SoundCloud Confirms Security Incident

  • None--securityboulevard.com
  • published date: 2025-12-16 00:00:00 UTC

None

<p>SoundCloud confirmed today that it experienced a security incident involving unauthorized access to a supporting internal system, resulting in the exposure of certain user data. The company said the incident affected approximately 20 percent of its users and involved email addresses along with information already visible on public SoundCloud profiles. Passwords and financial information were not accessed, according to SoundCloud.</p><p>The company disclosed the issue after detecting suspicious activity tied to what it described as an “ancillary service dashboard.” SoundCloud said it contained the activity, engaged external cybersecurity experts to support the investigation, and implemented additional security measures. Following the containment effort, SoundCloud also experienced denial-of-service attacks that caused temporary disruption to web access for some users.</p><div class="wp-block-image"> <figure class="aligncenter size-full"><img fetchpriority="high" decoding="async" width="740" height="389" src="https://www.centraleyes.com/wp-content/uploads/2025/12/soundcloud-incident.png" alt="" class="wp-image-34887" srcset="https://www.centraleyes.com/wp-content/uploads/2025/12/soundcloud-incident.png 740w, https://www.centraleyes.com/wp-content/uploads/2025/12/soundcloud-incident-300x158.png 300w" sizes="(max-width: 740px) 100vw, 740px"></figure> </div><h2 class="wp-block-heading">What Data Was Exposed</h2><p>SoundCloud has been specific about the scope of data involved.</p><p>According to the company, the exposed data consisted of:</p><ul class="wp-block-list"> <li>User email addresses</li> <li>Information already available on public SoundCloud profiles</li> </ul><p>SoundCloud stated that passwords, payment details, and other sensitive account credentials were not accessed. While the company did not publish an exact user count, multiple reports note that 20 percent of SoundCloud’s user base could translate into a significant number of accounts, given the platform’s global scale.</p><h2 class="wp-block-heading">How The Incident Occurred</h2><p>SoundCloud has not described the event as a breach of its main consumer platform. Instead, the company says the unauthorized activity was detected in a secondary internal system used to support operations. These types of systems typically include administrative dashboards or service tools that have access to user data but are not directly exposed to end users.</p><p>Once the activity was identified, SoundCloud says it took steps to contain access and began an investigation with third-party security specialists. Shortly afterward, the company experienced denial-of-service attacks that intermittently affected web availability. SoundCloud indicated these attacks were separate from the initial unauthorized access but occurred during the same response window.</p><p>Some users also reported being blocked from accessing SoundCloud while using VPN services. The company said those access issues were related to security configuration changes made during remediation and are being addressed.</p><h2 class="wp-block-heading">Was This A Ransomware Or an Extortion Attack?</h2><p>SoundCloud has not publicly attributed the incident to a specific threat actor. While some reporting has referenced claims circulating online about possible extortion activity, SoundCloud has not confirmed those claims in its disclosure. At this stage, attribution remains unverified, and the company has focused its communications on confirmed facts rather than speculation.</p><h2 class="wp-block-heading">What This Means For Users</h2><p>For users, the immediate impact is tied to the exposure of email addresses combined with publicly visible profile information. While this does not provide direct access to SoundCloud accounts, it does increase the likelihood of targeted phishing attempts that reference SoundCloud activity, creator accounts, or platform notifications.</p><p>SoundCloud has not required password resets and has said it believes unauthorized access to its systems has been stopped. The company continues to investigate the incident and monitor for further activity.</p><p>The post <a href="https://www.centraleyes.com/soundcloud-confirms-security-incident/">SoundCloud Confirms Security Incident</a> appeared first on <a href="https://www.centraleyes.com/">Centraleyes</a>.</p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/12/soundcloud-confirms-security-incident/" data-a2a-title="SoundCloud Confirms Security Incident"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fsoundcloud-confirms-security-incident%2F&amp;linkname=SoundCloud%20Confirms%20Security%20Incident" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fsoundcloud-confirms-security-incident%2F&amp;linkname=SoundCloud%20Confirms%20Security%20Incident" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fsoundcloud-confirms-security-incident%2F&amp;linkname=SoundCloud%20Confirms%20Security%20Incident" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fsoundcloud-confirms-security-incident%2F&amp;linkname=SoundCloud%20Confirms%20Security%20Incident" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fsoundcloud-confirms-security-incident%2F&amp;linkname=SoundCloud%20Confirms%20Security%20Incident" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.centraleyes.com/">Centraleyes</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Rebecca Kappel">Rebecca Kappel</a>. Read the original post at: <a href="https://www.centraleyes.com/soundcloud-confirms-security-incident/">https://www.centraleyes.com/soundcloud-confirms-security-incident/</a> </p>

Most Popular

SoundCloud Confirms Security Incident

  • None -- securityboulevard.com
  • Published date: 2025-12-16 00:00:00 UTC

What You Should Know Before Migrating Your App to Ruby on Rails: Key Insights for a Smooth Transition

  • None -- securityboulevard.com
  • Published date: 2025-12-16 00:00:00 UTC

Veza Extends Reach to Secure and Govern AI Agents

  • Michael Vizard -- securityboulevard.com
  • Published date: 2025-12-16 00:00:00 UTC

How test data generators support compliance and data privacy

  • None -- securityboulevard.com
  • Published date: 2025-12-16 00:00:00 UTC

What risks do NHIs pose in cybersecurity

  • None -- securityboulevard.com
  • Published date: 2025-12-15 00:00:00 UTC