SoundCloud Confirms Security Breach Leading to Outages and VPN Connection Issues

SoundCloud, the popular audio streaming platform, has officially announced that recent outages and VPN connection problems were a result of a security breach where malicious actors gained access to a database containing user data.

Users had reported difficulties accessing SoundCloud via VPN in the past few days, encountering 403 “forbidden” errors when attempting to connect, signaling the underlying security breach.

Following the incident, SoundCloud promptly detected unauthorized activity related to a service dashboard and activated its incident response procedures to address the breach.

Despite confirming that a threat actor had accessed some of their data, SoundCloud reassured users that the impact was limited, with no sensitive information like financial or password data compromised. The exposed data mainly included email addresses and information already visible on public SoundCloud profiles.

Reports indicate that approximately 20% of SoundCloud’s users, potentially affecting around 28 million accounts based on public user figures, were impacted by the breach.

SoundCloud emphasized that all unauthorized access to their systems has been blocked, ensuring no ongoing risk to the platform. The company collaborated with cybersecurity experts to enhance security measures, including improved monitoring, threat detection, and a review of identity and access controls.

Unfortunately, a configuration change implemented during the response disrupted VPN connectivity to the site, with no specified timeline for full restoration. Additionally, SoundCloud faced denial-of-service attacks following the incident, temporarily affecting web availability.

While specifics about the threat actor remain undisclosed by SoundCloud, there are reports linking the ShinyHunters extortion group to the breach. Allegedly, ShinyHunters is extorting SoundCloud after obtaining a database containing user information. This group was also reportedly involved in the recent PornHub data breach.

As the situation unfolds, stay tuned for updates on this developing story.