SoundCloud confirmed a security breach on its audio streaming platform where threat actors stole a database containing users’ email addresses and public profile information, causing outages and VPN connection issues with 403 “forbidden” errors over the past four days.
Users reported widespread inability to access SoundCloud when connected via VPN, as attempts triggered the site to display 403 “forbidden” errors. SoundCloud detected unauthorized activity on an ancillary service dashboard and immediately activated its incident response procedures.
“We understand that a purported threat actor group accessed certain limited data that we hold,” the company stated. SoundCloud completed an investigation into the impacted data, confirming no sensitive information such as financial details or passwords was accessed.
The stolen data included only email addresses and details already visible on public SoundCloud profiles. The SoundCloud breach affected 20% of SoundCloud’s users, equating to roughly 28 million accounts based on publicly reported user figures. SoundCloud expressed confidence that all unauthorized access to its systems has been blocked, eliminating any ongoing risk to the platform.
SoundCloud collaborated with third-party cybersecurity experts to bolster its defenses. These measures encompassed improvements to monitoring and threat detection capabilities, a review of identity and access controls, and a comprehensive assessment of related systems. The company’s response involved a configuration change that inadvertently disrupted VPN connectivity to the site.
SoundCloud has not announced a timeline for restoring full VPN access. Subsequent to these actions, the platform faced denial-of-service attacks, which temporarily disabled web availability.
