The December 2025 breach at SoundCloud resulted in the streaming platform reportedly losing sensitive data on approximately 20% of its user base, which equates to around 28 million individuals.
Now, a report from BleepingComputer, which picked up data from Have I Been Pwned? (HIBP), shows the latter adding 29.8 million accounts to its platform. HIBP is a database of email addresses stolen in different breaches, where people can see if their addresses were exposed.
“In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month,” HIBP said in a notification.
As per HIBP data, the attackers stole email addresses, geographic locations, names, usernames, and profile statistics.
In a data breach notification posted on its website, SoundCloud said it detected unauthorised activity in an ancillary service dashboard, which resulted in the attackers stealing user emails and information otherwise visible on public SoundCloud profiles.
“We understand that a purported threat actor group accessed certain limited data that we hold. We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users,” the company stated.
BleepingComputer also reported that the attack was carried out by ShinyHunters, an infamous ransomware gang known for giving up on encryptors entirely and focusing solely on sophisticated methods like data exfiltration and extortion.
Immediately after the incident, SoundCloud also brought in a third-party cybersecurity company to assist with the analysis and containment and said that after the threat had been eliminated, the attackers engaged in multiple denial-of-service attacks. Two of them even succeeded in temporarily disabling SoundCloud’s availability on the web. Users who access the platform via VPN also faced troubles, as they saw the “403 ERROR – The request could not be satisfied” messages.
“At first, users believed this was due to geoblocking, or IP filtering changes, but it was later explained that it was because of security hardening measures SoundCloud implemented after the breach,” Techradar Pro reported back in December 2025.