SoundCloud has confirmed a security breach that led to outages and VPN connection issues over the past few days, with threat actors stealing a database containing users’ email addresses and public profile information.
On December 15, 2025, the audio streaming platform disclosed the breach following user reports of access problems. Users attempting to connect via VPN encountered 403 “forbidden” errors over the past four days. SoundCloud detected unauthorized activity on an ancillary service dashboard and activated its incident response procedures.
“We understand that a purported threat actor group accessed certain limited data that we hold,” the company said. An investigation confirmed the exposure included only email addresses and information visible on public SoundCloud profiles. No sensitive data, such as financial or password information, was accessed.
The breach affected 20% of SoundCloud’s users, impacting roughly 28 million accounts based on publicly reported figures. SoundCloud stated it has blocked all unauthorized access to its systems and confirmed no ongoing risk to the platform.
The company collaborated with third-party cybersecurity experts to enhance security measures. These steps included improving monitoring and threat detection, reviewing identity and access controls, and conducting an assessment of related systems.
During the response, a configuration change disrupted VPN connectivity to the site. SoundCloud has not provided a timeline for full VPN restoration.
After implementing these measures, SoundCloud faced denial-of-service attacks that temporarily disabled the platform’s web availability.
