SoundCloud Data Breach

Status: Confirmed
29.8M Records
Dec 2025 Breach
Jan 2026 Data Posted

Breach Overview

Threat Actor: ShinyHunters (attributed)
Vector: Ancillary dashboard compromise and social engineering (vishing suspected)
Date of Breach: December 2025
Date of Reporting: January 2026
Data Posted: January 2026 (dark web leak site)
Records Stolen: 29,892,439 total records (~30 million)
Data Source Attribution: Dark web leak site, independent breach indexing platforms, Have I Been Pwned (HIBP added Jan 27, 2026)

Summary

In December 2025, SoundCloud disclosed unauthorized activity that resulted in the exposure of approximately 30 million user records.

The attacker mapped publicly visible SoundCloud profile data to associated email addresses. Roughly 20% of the platform’s user base was affected.

After allegedly attempting to extort the company, the threat actor released the dataset publicly on a dark web leak site in January 2026.

The dataset primarily contains email addresses linked to public profile metadata. No passwords or payment data have been confirmed as exposed at this time.

While SoundCloud stated that financial credentials and authentication secrets were not compromised, the exposure materially increases phishing, impersonation, and credential reuse risk at scale.

The archive is now circulating across multiple breach-sharing communities and mirrors.

About SoundCloud

SoundCloud is a global music streaming and audio distribution platform headquartered in New York, serving listeners, independent artists, podcasters, and subscription customers worldwide.

User data is generated through:

  • Public profile creation
  • Music uploads and creator dashboards
  • Subscription services (Go / Go+)
  • Listener accounts and playlist activity
  • Advertising and analytics systems

Because email addresses were mapped to public-facing profile data, both casual listeners and high-visibility creators may be impacted.

Data Points Exposed

Data observed in the leaked dataset:
  • Email address
  • Name
  • Username
  • Avatar (profile image reference)
  • Follower count
  • Following count
  • Geographic location (country; in some cases city)

Not observed in the leaked dataset:
  • Passwords
  • Payment card data
  • Direct authentication credentials
  • Social Security Numbers

Dark Web Verification

Status: Confirmed

  • Independent researchers verified that a SoundCloud-labeled dataset containing approximately 29.8 million records has been published and redistributed.
  • The data is actively traded and mirrored.

Threat Actor: ShinyHunters

The collective is known for social engineering campaigns targeting SaaS dashboards, CRM environments, and internal administrative panels.

Reporting indicates the group may have gained access via:
  • Vishing techniques
  • Manipulating employees to grant dashboard-level access rather than exploiting core production systems


Impact

This breach does not appear to involve direct financial theft, but it significantly increases downstream exploitation risk.

Potential impacts include:
  • Targeted phishing using verified SoundCloud usernames
  • Credential stuffing against other accounts sharing the same email
  • Impersonation of artists, podcasters, and creators
  • Harassment or doxing of public-facing musicians
  • Subscription renewal scams targeting Go/Go+ users
  • Industry-themed fraud posing as labels or booking agents
  • Data broker enrichment and resale

Because the exposed dataset links private email addresses to public-facing profiles, creators face elevated risk of harassment and targeted social engineering.

Recommendations for Impacted Clients

If you believe your information may be included:

Check Your Exposure
If you are an ObscureIQ client, this breach has been indexed into your exposure profile. Non-clients may request a breach impact review.

Expect Targeted Phishing
Be cautious of emails referencing:
  • SoundCloud subscription renewals
  • Copyright notices
  • Collaboration offers
  • Label or distribution deals
Verify directly through official channels.

Secure Your Email
Enable MFA immediately. Email is the primary pivot point for follow-on attacks.

Change Reused Passwords
If your SoundCloud email is used elsewhere, rotate credentials.

Protect Public-Facing Creators
High-visibility artists should:
  • Audit business contact emails
  • Separate public-facing and private accounts
  • Monitor impersonation attempts

Suppress Personal Data
Remove exposed addresses, phone numbers, and enrichment data from broker networks and search engines.

Corporate Accountability

SoundCloud is a privately held company with U.S. headquarters in New York.

Private companies are not subject to the same immediate SEC disclosure requirements as publicly traded entities.

Users may not receive formal breach letters at the same speed seen in public-company incidents.

New York jurisdiction subjects SoundCloud to state data protection laws, including the NY SHIELD Act.

Organizations collecting personal data have a duty to implement reasonable safeguards.

ObscureIQ Advisory

We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.

If you are:
  • A public-facing creator
  • A high-profile individual
  • A subscription customer
  • Or simply concerned about credential reuse

We can confirm whether your information is circulating and evaluate downstream threat vectors.

Contact ObscureIQ for a free breach impact check.

If you believe your information may be part of this breach, or want confirmation across other datasets,

We use a multi-layered intelligence stack, combining public and restricted dark-web sources, to confirm whether your data is in circulation.