SoundCloud recently detected unauthorized activity on an ancillary service dashboard, prompting the company to initiate its incident response procedures. While acknowledging a threat actor accessed some data, SoundCloud stated that no sensitive information, such as financial or password data, was exposed, and the breach was limited to email addresses and publicly visible profile details. The company believes it has blocked all unauthorized access and is working with cybersecurity experts to strengthen its security, including improving monitoring and reviewing access controls.

However, the company’s immediate response included a configuration change that inadvertently caused the VPN connectivity disruption that users had been reporting. SoundCloud has not yet provided a timeline for when full VPN access will be restored for its users.

GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025

Following the initial security response, SoundCloud also experienced additional denial-of-service attacks that temporarily took down the platform’s web availability. After this information was reported, SoundCloud subsequently published its own security notice detailing the incident.

The full impact of the breach is estimated to be significant, affecting 20% of the platform’s users, which corresponds to around 28 million accounts based on available user figures. Despite the large scale, SoundCloud maintains that the stolen data is not sensitive and consists only of email addresses and data already present in public profiles.

Source: SoundCloud Confirms Data Breach After Member Data Stolen And VPN Disrupted