SoundCloud data breach (2025) — what was exposed and what to do

What happened

According to public breach records, the SoundCloud data breach on December 15, 2025 is reported to have exposed the personal information of 29,815,722 accounts.

In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.

SoundCloud detected unauthorized activity on December 15, 2025, after users reported 403 "Forbidden" errors, and disclosed that an attacker had accessed an ancillary internal service dashboard that let them map publicly available profile data to email addresses for roughly 20% of its users (about 29.8 million accounts). No passwords or financial data were accessed — the leaked dataset consisted of email addresses, names, usernames, avatars, follower/following counts and, in some cases, a user's country. The extortion group ShinyHunters claimed responsibility, attempted to extort the company and harassed users via email flooding, then publicly released the data, which Have I Been Pwned indexed on January 27, 2026. ["Treat email tied to your real username and profile as a phishing target — be skeptical of any message about your SoundCloud account, especially fake 'breach response' or login-reset emails, and never click links in them; navigate to soundcloud.com directly.", "Although no passwords leaked, change your SoundCloud password and enable two-factor authentication, and update the password anywhere you reused it as a precaution.", "Watch for impersonation and targeted scams: with your name, username, avatar and location linked to your email, attackers can craft convincing personalized lures — verify sender identity before acting on any account or payment request.", "Consider tightening privacy settings or limiting the location/profile statistics visible on your public profile to reduce future correlation."]

What data was exposed

The following types of personal data were compromised:

• Avatars
• Email addresses
• Geographic locations
• Names
• Profile statistics
• Usernames

Breach details

This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.

We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by SoundCloud; it reflects a publicly reported security incident.

What to do now

Based on the data exposed in this breach, here are the steps you should take:

• Treat email tied to your real username and profile as a phishing target — be skeptical of any message about your SoundCloud account, especially fake 'breach response' or login-reset emails, and never click links in them; navigate to soundcloud.com directly.
• Although no passwords leaked, change your SoundCloud password and enable two-factor authentication, and update the password anywhere you reused it as a precaution.
• Watch for impersonation and targeted scams: with your name, username, avatar and location linked to your email, attackers can craft convincing personalized lures — verify sender identity before acting on any account or payment request.

Check your exposure

Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.

Sources

• Have I Been Pwned: SoundCloud Data Breach
• Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts