SoundCloud, an online audio streaming platform popular among artists sharing and promoting music, has disclosed a data breach affecting millions of users. Attackers have exfiltrated email addresses, along with other publicly available data.
The company stated that it recently detected unauthorized activity in an ancillary service dashboard, and the threat actor group accessed “certain limited data.”
“The data involved consisted only of email addresses and information already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users,” the company said in a statement.
SoundCloud hosts over 400 million tracks from 40 million global creators. According to third-party estimates, the platform could have around 140 million total users.
“We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed,” the company said.
Bleeping Computer reports receiving a tip that the ShinyHunters extortion gang might be responsible for the cyberattack and subsequent extortion attempts. However, SoundCloud hasn’t disclosed any details about the suspected threat actor.
Before the data breach disclosure, SoundCloud users had experienced connectivity issues, with many reporting that they were unable to access the platform when using VPNs, encountering a “403 Error.”
The company confirmed that the issues were related to the response to the data breach.
“We have taken immediate steps to further strengthen our systems, including: enhancing our monitoring and threat-detection, reviewing and reinforcing identity and access controls, and conducting a comprehensive audit of related systems,” SoundCloud said.
“As part of these updates, some configuration changes have caused some users on VPNs to experience temporary connectivity issues. We are actively working to resolve these VPN related access issues.”
The platform has contained the malicious activity and is certain that “the issue has been resolved, and there is no ongoing risk to the security or availability of the platform.”
However, following the containment, the platform experienced further denial of service attacks, two of which were able to temporarily disrupt the platform’s availability on the web.
SoundCloud recommends that users be aware of potential phishing attacks, which are commonly observed following significant data breaches.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked