- SoundCloud confirms unauthorized system access and data breach
- About 20% of its users had their emails and public information intercepted
- Sources claim that the attack was carried out by ShinyHunters
SoundCloud has confirmed it suffered a cyber attack in which it lost sensitive data on around a fifth of its user base.
In a data breach notice posted on its website, SoundCloud said it “recently” detected unauthorized activity in an associated service dashboard.
A subsequent investigation discovered that a “threat actor group” gained access to certain data, which mostly includes user emails and information otherwise visible on public SoundCloud profiles. The company said the breach affected about 20% of its users, which equates to about 28 million users, according to multiple sources.
VPN problems
“We understand that an alleged threat actor group gained access to certain restricted data that we have,” the company said.
“We have completed an investigation into the data that was affected and no sensitive data (such as financial data or password data) was accessed. The data involved only consisted of email addresses and information that was already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users.”
SoundCloud also brought in a third-party cybersecurity firm to help with the analysis and containment, and said that after the threat was eliminated, the attackers engaged in multiple denial-of-service attacks. Two of them managed to temporarily disable SoundCloud’s web accessibility.
There were also issues for users accessing the platform via VPN. As explained by CyberInsiderSoundCloud is available globally, but faces restrictions in certain regions, which is why VPN is essential for some users.
These users saw ‘403 ERROR – The request could not be satisfied’ messages when they tried to connect this way. At first, users thought this was due to geoblocking or changes in IP filtering, but it was later explained that it was due to security hardening measures that SoundCloud implemented after the breach.
Although it was not explained in detail, it is possible that the changes changed filtering rules or Web Application Firewall (WAF) policies. SoundCloud said it was currently working to fix this issue.
The company did not name the threat actors behind this attack, but the media reports that this was the work of ShinyHunters, a ransomware group known to avoid the encryption part and focus solely on data exfiltration. The group is reportedly now negotiating a ransom payment with SoundCloud, but this information was not publicly confirmed.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
