Comment by forgotaccount3
4 hours ago
Maybe the two public data points weren't connected before?
I don't use SoundCloud, but if profiles didn't have contact information like Email Address on them then it could be meaningful to now connect those two dots.
Like, 'Hey look, Person A, who is known to use email address X, kept Lost Prophets as one of their liked artists even after 2013!'
Yeah or this: https://news.ycombinator.com/item?id=26386418
SoundCloud is a weird place, people in entertainment have certain strong incentives. They figured out who I am, figured out all the email addresses I have, jacked the account attached to my SoundCloud, stole my account. I still to this day, don't know how they pwned my email (tfa was on but it didn't trigger suspicious activity it let them login without triggering it, no clue how they got the password either and the password is secure enough that it's too hard to brute force, and it's not in a pwned db). Based on what was in my soundcloud inbox when I got access again, someone paid a fair amount to have this done... and now I have to go change my email again I suppose.
Organized crime stealing usernames was apparently a thing for a few years back there, interesting it wasn't limited to Twitter.
But, why care? (Yes, we can “care” that there was a leak - but… why worry? what new risk exists today that didn’t yesterday?)
The data in the leak (other than follower count, etc) was already available for purchase from Zoominfo, 8sense, or a variety of other data brokers or other legal marketplaces for PII.
I suppose the risk now is that the data is freely available and no longer behind a data broker’s paywall?
Isn't that a huge GDPR violation?
I'm confused, where were scrapers/data brokers/Zoominfo etc. were getting email addresses for SoundCloud accounts?
They don’t. I’m confused why that info is valuable.
2 replies →
You are 100% correct based on article. Not good that you're gray, and your parent of "who cares it was already available and scraped" is the top comment.