SoundCloud has confirmed that recent outages and VPN-related access problems were caused by a security breach in which threat actors stole a database containing user information.
The disclosure follows widespread user reports over the past several days of being unable to access SoundCloud while connected to VPNs, with many encountering 403 “forbidden” errors.
In a statement shared with BleepingComputer, SoundCloud said it detected unauthorized activity involving an ancillary service dashboard and immediately activated its incident response procedures. The company acknowledged that a threat actor accessed some of its data but emphasized that the exposure was limited in scope.
According to SoundCloud, no sensitive data—such as passwords or financial information—was accessed. The compromised data consisted only of email addresses and information already publicly visible on SoundCloud profiles.
BleepingComputer reports that the breach may affect around 20% of SoundCloud users, which could translate to roughly 28 million accounts based on publicly available user numbers.
SoundCloud said it has blocked all unauthorized access and believes there is no ongoing risk to its systems. The company also worked with third-party cybersecurity experts to strengthen security by improving monitoring and threat detection, reviewing access controls, and assessing related systems.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
However, a configuration change made during the response disrupted VPN connectivity, and SoundCloud has not provided a timeline for when VPN access will be fully restored. Following the incident, the platform also experienced denial-of-service attacks that temporarily affected website availability.
