Pandora 2025 Data Breach
ObscureIQ Breach Intelligence
Low SeverityWebsite / service breach
Pandora Music Streaming Service Breach (Salesforce, 2025): 8.9 Million Subscriber Email & Home Address Records Exposed
Music streaming service.
Verified by ObscureIQ Intelligence
0/100Breach Risk Index
8Data Value
Breach Intelligence Summary
Entity: Pandora · Actor: Scattered Lapsus$ Hunters · Sources: 2 references
Attack: Unknown
Profile: Platform · Music streaming services · Subscription-based audio platform · Global
Timeline: Breach (2025-10-10) · Year (2025)
Exposure: 8.9M records · 3 fields: Email Address, Phone Number, Physical Address
Status: Reported
Executive Summary
Pandora, the SiriusXM-owned music streaming service, was caught up in a broader supply chain attack targeting Salesforce in October 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of stolen data on October 3, 2025, announcing that the full dataset would follow on October 10, 2025. Pandora was one of approximately 39 organizations listed on the group's dark web leak site as part of the same campaign. The breach affected an estimated 8.9 million records. The exposed data includes customer names, email addresses, phone numbers, and home addresses, along with account metadata from Salesforce's CRM platform. This combination of contact details creates clear pathways for phishing attacks, where criminals craft convincing messages impersonating Pandora or SiriusXM, as well as for account takeover attempts and physical mail fraud. Because the data originates from a music platform, it may also carry behavioral signals, such as subscription history and usage patterns, that can be used to build detailed profiles of affected individuals. Pandora has not issued detailed public statements about its specific exposure or response to the incident. No regulatory action has been publicly announced. Affected individuals should treat unexpected emails or calls referencing their Pandora account with suspicion, consider placing a fraud alert with credit bureaus, and monitor for any unauthorized account activity.
ObscureIQ assessment: Exposure enables account takeover, phishing, and behavioral profiling. Listening and subscription history may also reveal personal interests, routines, and demographic signals.
Breach Impact
Pandora was among the approximately 39 organizations listed on the Scattered LAPSUS$ Hunters dark web leak site in October 2025, with customer contact data including email addresses, phone numbers, and home addresses published as part of the Salesforce campaign. Pandora has not made detailed public statements about its specific response or the scope of its exposure in this campaign.
About Pandora
Pandora is a music streaming and internet radio service operating in the United States, offering both free ad-supported and paid subscription tiers. The platform pioneered the Music Genome Project approach to personalized radio recommendations. Pandora was acquired by SiriusXM in 2019 and now operates as part of the SiriusXM Holdings portfolio alongside the satellite radio service. It competes with Spotify, Apple Music, and Amazon Music in the streaming market.
Why They Hold Your Data
Streaming services collect user accounts, emails, subscription data, listening history, device identifiers, and ad or recommendation signals across music-delivery platforms.
Recent Developments
Pandora has operated under SiriusXM's ownership with continued investment in its personalized radio and on-demand streaming products. SiriusXM has been managing subscriber and revenue dynamics across its combined satellite and streaming portfolio. No major standalone Pandora organizational developments beyond the breach have been prominently reported in the recent period.
Data Points Exposed
3 verified field types
Email Address
Phone Number
Physical Address High
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:High
Primary downstream threats:
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Phishing, credential stuffing & account takeover
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
- Home targeting, stalking & physical threat
Threat Actor: Scattered Lapsus$ Hunters
Scattered Lapsus$ Hunters
Unknown
Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the Pandora breach?▾
Pandora, the SiriusXM-owned music streaming service, was caught up in a broader supply chain attack targeting Salesforce in October 2025. A threat group calling itself "Scattered LAPSUS$ Hunters" claimed responsibility and released a sample of stolen data on October 3, 2025, announcing that the…
What data was exposed?▾
Verified fields include Email Address, Phone Number, Physical Address.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation