SoundCloud Data Breach
SoundCloud Music Streaming API Data Scrape (2025): 29.8 Million User Profiles Mapped from Public Data
Online audio distribution and music streaming platform.
Risk Interpretation
Exposure enables account takeover, harassment, phishing, and identity linkage between listeners and creators. Upload and engagement history can also reveal personal or professional creative activity.
Impact & Downstream Threats
In December 2025 SoundCloud announced it had discovered unauthorized activity on its platform. An attacker had exploited access to map publicly available SoundCloud profile data — usernames, display names, follower counts, and metadata — to the private email addresses of approximately 29.8 million users, effectively deanonymizing a large portion of the platform's registered base. SoundCloud disclosed the incident, notified affected users, and characterized the exposure as a mapping of public pro
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat Vectors
Breach Intelligence
Executive Summary
SoundCloud suffered a data breach in late 2025 when an attacker gained unauthorized access to systems and mapped publicly available profile data to the private email addresses of approximately 29.8 million users. The threat actor, attributed to the ShinyHunters collective, is believed to have used scraping techniques to extract and link user records. After the initial breach, the attackers attempted to extort SoundCloud before publicly releasing the stolen data in January 2026. The exposed data includes email addresses, names, usernames, profile avatars, follower and following counts, and in some cases the user's country. While no financial data or account passwords were compromised, the breach is considered high risk because it effectively deanonymized a large share of SoundCloud's user base. Linking a private email address to a public profile allows attackers to identify who is behind an account, enabling targeted phishing, account takeover attempts, and harassment of both listeners and creators. SoundCloud disclosed the incident and notified affected users following discovery. No class-action lawsuits or regulatory enforcement actions had been publicly documented as of early 2026. Affected users should be alert to phishing emails that reference their SoundCloud activity, as attackers can now craft convincing messages using profile-specific details. Updating passwords and enabling two-factor authentication on any account sharing the same email address is strongly advised.
About SoundCloud
SoundCloud is an online audio distribution and music streaming platform that allows artists to upload and share music, podcasts, and audio content directly with listeners. Founded in 2007 in Berlin, the platform has become a primary discovery channel for independent and emerging artists and hosts hundreds of millions of tracks. SoundCloud operates on a freemium model with paid subscription tiers and has long been known as a platform where artists can distribute music without traditional label gatekeeping.
Why They Hold Your Data
Audio-sharing and streaming platforms collect user accounts, emails, profile data, listening history, uploads, social relationships, and creator activity across music and creator workflows.
Recent Developments
SoundCloud has navigated sustained financial pressure and ownership changes through the 2020s. The company sold a majority stake to a consortium including Sirius XM in 2017. It has continued developing monetization tools for creators and has maintained its position as a key independent artist platform despite competition from Spotify, Apple Music, and YouTube. The December 2025 breach was the most significant security event of the recent period.
Data Points Exposed
Exposure Categories
Canonical Fields
email_address, full_name, geographic_locations, profile_metadata, profile_photo:avatar, username
Dark Web Verification
- Dataset containing ~29.8M records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: SoundCloud Data Breach; sound-cloud-2026
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of SoundCloud
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam