SoundCloud 2025 Data Breach

SoundCloud Music Streaming API Data Scrape (2025): 29.8 Million User Profiles Mapped from Public Data | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

ShinyHuntersStreamingMusicEmail AddressFull NameGeographic LocationProfile MetadataProfile PhotoUsername
Moderate SeverityWebsite / service breach

SoundCloud Music Streaming API Data Scrape (2025): 29.8 Million User Profiles Mapped from Public Data

Online audio distribution and music streaming platform.

Verified by ObscureIQ Intelligence
54/100Breach Risk Index
5Data Value
80Market Recency
90dSince Breach

Breach Intelligence Summary

Entity: SoundCloud · Actor: ShinyHunters · Sources: 4 references
Attack: Unknown
Profile: Platform · Music streaming and audio sharing · Creator and streaming platform · Global
Timeline: Breach (2025-12-15) · Indexed (Jan 27, 2026) · Year (2025)
Exposure: 29.8M records · 6 fields: Email Address, Full Name, Geographic Location, Profile Metadata, Profile Photo, Username
Status: Confirmed

Executive Summary

SoundCloud suffered a data breach in late 2025 when an attacker gained unauthorized access to systems and mapped publicly available profile data to the private email addresses of approximately 29.8 million users. The threat actor, attributed to the ShinyHunters collective, is believed to have used scraping techniques to extract and link user records. After the initial breach, the attackers attempted to extort SoundCloud before publicly releasing the stolen data in January 2026. The exposed data includes email addresses, names, usernames, profile avatars, follower and following counts, and in some cases the user's country. While no financial data or account passwords were compromised, the breach is considered high risk because it effectively deanonymized a large share of SoundCloud's user base. Linking a private email address to a public profile allows attackers to identify who is behind an account, enabling targeted phishing, account takeover attempts, and harassment of both listeners and creators. SoundCloud disclosed the incident and notified affected users following discovery. No class-action lawsuits or regulatory enforcement actions had been publicly documented as of early 2026. Affected users should be alert to phishing emails that reference their SoundCloud activity, as attackers can now craft convincing messages using profile-specific details. Updating passwords and enabling two-factor authentication on any account sharing the same email address is strongly advised.

ObscureIQ assessment: Exposure enables account takeover, harassment, phishing, and identity linkage between listeners and creators. Upload and engagement history can also reveal personal or professional creative activity.

Breach Impact

In December 2025 SoundCloud announced it had discovered unauthorized activity on its platform. An attacker had exploited access to map publicly available SoundCloud profile data — usernames, display names, follower counts, and metadata — to the private email addresses of approximately 29.8 million users, effectively deanonymizing a large portion of the platform's registered base. SoundCloud disclosed the incident, notified affected users, and characterized the exposure as a mapping of public profile data to private contact information rather than a breach of core account credentials or financial data. No class-action litigation or regulatory enforcement action specific to this breach has been prominently documented as of early 2026.

About SoundCloud

SoundCloud is an online audio distribution and music streaming platform that allows artists to upload and share music, podcasts, and audio content directly with listeners. Founded in 2007 in Berlin, the platform has become a primary discovery channel for independent and emerging artists and hosts hundreds of millions of tracks. SoundCloud operates on a freemium model with paid subscription tiers and has long been known as a platform where artists can distribute music without traditional label gatekeeping.

Why They Hold Your Data

Audio-sharing and streaming platforms collect user accounts, emails, profile data, listening history, uploads, social relationships, and creator activity across music and creator workflows.

Recent Developments

SoundCloud has navigated sustained financial pressure and ownership changes through the 2020s. The company sold a majority stake to a consortium including Sirius XM in 2017. It has continued developing monetization tools for creators and has maintained its position as a key independent artist platform despite competition from Spotify, Apple Music, and YouTube. The December 2025 breach was the most significant security event of the recent period.

Data Points Exposed

6 verified field types
Email Address
Full Name High
Geographic Location
Profile Metadata
Profile Photo
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Pattern-of-life analysis & physical surveillance
  • Account analysis
  • Deepfake & identity document fraud
  • Identity impersonation on platforms
  • Cross-platform tracking & credential stuffing

Threat Actor: ShinyHunters

ShinyHunters
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the SoundCloud breach?

SoundCloud suffered a data breach in late 2025 when an attacker gained unauthorized access to systems and mapped publicly available profile data to the private email addresses of approximately 29.8 million users. The threat actor, attributed to the ShinyHunters collective, is believed to have used…

What data was exposed?

Verified fields include Email Address, Full Name, Geographic Location, Profile Metadata, Profile Photo, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Breach Index
DataBreach.com
Record & field corroboration
Cross-source
Dehashed
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation