SoundCloud confirms cyber incident following outages. Is ShinyHunters to blame?

Music and audio streaming site SoundCloud has confirmed that it suffered a cyber security incident, which led to service outages and limited VPN connection over the last few days.

Wed, 17 Dec 2025

Over the last few days, SoundCloud users have reported being unable to connect to the platform and having VPN connection issues.

Now, in a statement on its website, the service has confirmed a cyber incident, adding that threat actors gained access to and exfiltrated data.

“SoundCloud recently detected unauthorised activity in an ancillary service dashboard. Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity,” the company said on its site.

SoundCloud added that after it contained the incident, it suffered a number of denial-of-service (DoS) attacks, two of which took down the website, preventing customers from accessing it.

Regarding stolen data, SoundCloud said the breach impacted roughly one in five users, but added that no sensitive data was stolen.

“We understand that a purported threat actor group accessed certain limited data that we hold,” SoundCloud said.

“We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed.

“The data involved consisted only of email addresses and information already visible on public SoundCloud profiles and affected approximately 20 per cent of SoundCloud users.

“We are confident that any access to SoundCloud data has been curtailed.”

While SoundCloud did not attribute the attack to a threat group, it said it has been working with third-party cyber security professionals and has engaged its incident response protocols.

It has also bolstered some of its security systems, which it said caused the VPN connectivity issues.

“We are actively working to resolve these VPN related access issues,” it said.

Who is the threat actor?

While the hacker behind the incident is still unconfirmed, sources speaking with security publication BleepingComputer have suggested that the infamous ShinyHunters group is to blame.

The source told the publication that ShinyHunters is currently extorting SoundCloud after claiming to have exfiltrated a database with user information.

Believed to have formed in 2020, ShinyHunters is a financially motivated extortion actor known for targeting large businesses and publicly calling them out. Initially, the group had a strong presence on the well-known hacking forum BreachForums, but it has more recently shifted to forming a supergroup alongside the notorious bogeyman of cyber crime, Scattered Spider, as well as Lapsus$ ransomware.

However, the group seems to be operating on its own once again, most recently claiming a cyber attack impacting PornHub and OpenAI.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.