Overview
- SoundCloud says attackers accessed only email addresses and information already visible on public profiles, with no passwords or financial data exposed.
- The incident impacted roughly one in five accounts, with reports estimating tens of millions of users affected.
- The company reports it has blocked unauthorized access, engaged third‑party cybersecurity firms, and strengthened monitoring and identity and access controls.
- Multiple denial‑of‑service attacks followed containment, and two briefly knocked out web availability before services were restored.
- Security outlets report ShinyHunters is claiming responsibility and attempting extortion, a claim SoundCloud has not verified.