Data Breaches

← Breach overview
SoundCloud Limited logo

SoundCloud Limited

soundcloud.com
🎮EntertainmentSoundCloud Go+SoundCloud Inc.

SoundCloud is a music streaming and sharing platform that enables artists and fans to connect through music. It operates globally, serving as a hub for music culture.

Key Takeaways

  • In December 2025, 29.8 million SoundCloud user records were exposed, including email addresses, names, usernames, avatars, geographic locations, and profile statistics.
  • This incident is part of a pattern of data exposures affecting social media and music platforms.
  • Affected individuals should be cautious of unsolicited communications, as their email addresses and public profile information are now more widely known.

Breach Overview

In December 2025, SoundCloud experienced unauthorized activity that exposed data for approximately 29.8 million users. The exposed information included avatars, email addresses, geographic locations, names, profile statistics, and usernames. This incident allowed an attacker to link publicly available SoundCloud profile data with email addresses for about 20% of its user base. SoundCloud Limited has publicly acknowledged this incident, stating that no sensitive data was taken and the exposed data consisted of email addresses and information already visible on public profiles.

Exposed Data

AvatarsEmail addressesGeographic locationsNamesProfile statisticsUsernames

Timeline & Cause

The data exposure occurred in December 2025. SoundCloud disclosed the incident on January 27, 2026, and later provided a final update on February 24, 2026. The incident involved an attacker mapping publicly available SoundCloud profile data to email addresses. Following the exposure, the attackers attempted to extort SoundCloud before publicly releasing the data.

Next Steps

Affected individuals should be vigilant about potential phishing attempts or unsolicited communications, as their email addresses and public profile information may be used by attackers. It is advisable to use strong, unique passwords for all online accounts and enable two-factor authentication where available. Be cautious of any emails or messages that claim to be from SoundCloud and ask for personal information or login credentials.

Take Action

Generate a GDPR request

Build a ready-to-send access or deletion request.

Download Paperweight

Scan your inbox to find other accounts linked to exposed data.