Comment by embedding-shape

5 hours ago

Importantly, 20% of the total userbase it seems:

> In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country.

That's from the haveibeenpwned email which I received because of course I'm part of that 20%.

Remember to have unique passwords for each website kids, ideally with a password manager.

3 comments

embedding-shape

technion 4 hours ago

Whilst thats important advice, as far as I can tell it wouldnt help here as no passwords are breached. I had a few of our domain users on this report and as far as I can tell theres nothing actionable.

pluralmonad 4 hours ago

Also, never give out a direct email address, always an alias.

fragmede 28 minutes ago

and include a nonce. user+SoundCloud@gmail.com is obviously guessable. user+SoundCloudheuerue64@gmail.com ain't getting guessed.