Data Breaches
SoundCloud Limited is an online audio distribution platform and music sharing website based in Germany. It allows users to upload, promote, and share audio.
Breach Overview
In December 2025, SoundCloud identified unauthorized activity on its platform. This incident involved an attacker correlating publicly available SoundCloud profile data with email addresses. The breach affected approximately 29.8 million records, representing about 20% of SoundCloud's user base.
The exposed data includes avatars, email addresses, geographic locations (countries), names, profile statistics (follower and following counts), and usernames. This combination of data can increase the risk of targeted phishing attacks, as attackers possess both personal identifiers and contact information. While passwords were not exposed, the availability of email addresses linked to specific user profiles makes it easier for malicious actors to craft convincing phishing attempts or attempt credential stuffing attacks if users reuse passwords across services.
Following the data exfiltration, the attackers attempted to extort SoundCloud. When these demands were not met, the stolen data was publicly released the following month. The breach was confirmed by Have I Been Pwned.
Exposed Data
Next Steps
If your data was exposed in this breach, you should immediately change the password for your SoundCloud account. If you have used the same password on other websites or services, change those passwords as well. Use a strong, unique password for each account, preferably generated by a password manager.
Be vigilant for phishing attempts. Attackers now have your email address and potentially other personal details, which they can use to craft convincing but fraudulent emails or messages. Do not click on suspicious links or download attachments from unknown senders. Always verify the legitimacy of communications, especially those asking for personal information or login credentials.
Monitor your other online accounts for any unusual activity. While financial information was not directly exposed in this breach, the availability of your personal data could facilitate identity theft or unauthorized access to other accounts if you have weak or reused passwords. Consider enabling two-factor authentication (2FA) on all your online accounts where available, as this adds an extra layer of security beyond just a password.