Comment by Alifatisk
4 hours ago
> the impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country
4 hours ago
> the impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country
Importantly, 20% of the total userbase it seems:
> In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country.
That's from the haveibeenpwned email which I received because of course I'm part of that 20%.
Remember to have unique passwords for each website kids, ideally with a password manager.
Whilst thats important advice, as far as I can tell it wouldnt help here as no passwords are breached. I had a few of our domain users on this report and as far as I can tell theres nothing actionable.
Also, never give out a direct email address, always an alias.
If I’m understanding correctly, it sounds like, aside from the email addresses, all the data leaked was already publicly available on users’ SoundCloud profiles. The only novel aspect is linking that public data to the accounts’ email addresses.
That step makes a big difference though.