- SoundCloud breach exposed ~30 million user emails and profile data in December 2025
- Attackers attempted extortion before publicly releasing stolen information
- ShinyHunters linked to breach, continuing Okta SSO-targeted campaigns
We now have confirmation exactly how many people were affected by the December 2025 breach at SoundCloud, as well as how users can check if they are affected.
In mid-December 2025, SoundCloud confirmed suffering a cyberattack and losing sensitive data on about 20% of its user base - approximately 28 million people.
The company did not share the exact number of affected users, but BleepingComputer picked up that Have I Been Pwned? (HIBP) Added 29.8 million accounts to its platform. HIBP is a database of email addresses stolen in different breaches, where people can see if their addresses were exposed.
ShinyHunters strike again
"In December 2025, SoundCloud announced it had discovered unauthorized activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users," HIBP said in a notification.
"The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user's country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month."
As per HIBP data, the attackers stole email addresses, geographic locations, names, usernames, and profile statistics.
In a data breach notification posted on its website, SoundCloud said it detected unauthorized activity in an ancillary service dashboard, which resulted in the attackers stealing user emails and information otherwise visible on public SoundCloud profiles.
BleepingComputer also reported that the attack was carried out by ShinyHunters, an infamous ransomware gang known for giving up on encryptors entirely and focusing solely on data exfiltration and extortion.
ShinyHunters have been making quite a few headlines lately. Recently, they claimed responsibility for multiple breaches, including Panera Bread, Canva, Atlassian, and many others. In all instances, the group targeted Okta single sign-on (SSO).
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
