- SoundCloud breach exposed ~30 million user emails and profile data in December 2025
- Attackers attempted blackmail before publicly releasing stolen information
- ShinyHunters linked to breach, Okta SSO-targeted campaigns continue
We have now confirmed exactly how many people were affected by the December 2025 breach at SoundCloud, as well as how users can check if they are affected.
In mid-December 2025, SoundCloud confirmed that it suffered a cyber attack and lost sensitive data of around 20% of its user base – approximately 28 million people.
The company did not share the exact number of affected users, but Bleeping Computer caught that Have I Been Pwned? (HIBP) Added 29.8 million accounts to its platform. HIBP is a database of email addresses stolen in various breaches where people can see if their addresses were exposed.
ShinyHunters strikes again
“In December 2025, SoundCloud announced that it had detected unauthorized activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users,” HIBP said in a notification.
“The affected data included 30 million unique email addresses, names, usernames, avatars, followers and followers, and in some cases the user’s country. The attackers later attempted to blackmail SoundCloud before releasing the data the following month.”
According to HIBP data, the attackers stole email addresses, geographic locations, names, usernames and profile statistics.
In a data breach notice posted on its website, SoundCloud said it detected unauthorized activity in a help desk dashboard that resulted in the attackers stealing user emails and information otherwise visible on public SoundCloud profiles.
Bleeping Computer also reported that the attack was carried out by ShinyHunters, a notorious ransomware gang known for abandoning encryption altogether and focusing solely on data exfiltration and extortion.
ShinyHunters has been making quite a few headlines lately. Recently they claimed responsibility for several breaches including Panera Bread, Canva, Atlassian and many others. In all cases, the group targeted Okta single sign-on (SSO).
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
