Audio streaming platform SoundCloud has confirmed a data breach affecting approximately 29.8 million user accounts — nearly one-fifth of its entire user base. The breach exposed email addresses, usernames, profile data, and other account information. Attackers attempted to extort SoundCloud before publicly releasing the stolen data in late 2025.
Learn how to protect yourself after a data breach on OpenClassActions.com.
What Happened
In December 2025, attackers breached SoundCloud’s systems and exfiltrated user account data for nearly 30 million accounts. The attackers initially attempted to extort SoundCloud, demanding payment in exchange for not releasing the data publicly. When SoundCloud did not meet their demands, the attackers published the stolen records online.
The exposed data includes email addresses, usernames, profile information, and potentially hashed passwords. While SoundCloud has not confirmed that passwords were compromised in plaintext, security experts recommend that all SoundCloud users change their passwords immediately and enable two-factor authentication.
Who Is Affected
Approximately 29.8 million SoundCloud accounts were affected. You can check whether your account was included in the breach by visiting the data breach notification service Have I Been Pwned (haveibeenpwned.com), which has cataloged the exposed records.
What You Should Do
Change your SoundCloud password immediately. If you used the same password on any other website or service, change those passwords too. Enable two-factor authentication on your SoundCloud account and any other accounts that share the same email address. Be vigilant for phishing emails that reference SoundCloud or attempt to impersonate the platform — attackers with your email address may craft targeted phishing messages.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.