SoundCloud Data Breach

14/12/2025 · 29,815,722 records · low risk

0 /100

Gravity Score

Critical

Calculated based on the types of data exposed (6 categories) and the volume of affected records (29,815,722).

On creator platforms, users often choose to make parts of their profile public, such as a stage name or follower counts. The privacy risk grows sharply when someone can connect that public presence to a private email address.

SoundCloud reported that it found unauthorised activity that enabled an attacker to link publicly visible profile information to email addresses for a significant portion of users. An extortion attempt followed, and the data was later released publicly.

The exposed information included email addresses alongside names, usernames, avatars, and profile statistics like follower and following counts. For some users, a country field was also included, adding extra context that can support targeted outreach.

Roughly 30 million unique email addresses were impacted. Even without passwords, the scale and the ability to map a public profile to an inbox can drive phishing campaigns and broader account targeting across the internet.

Exposed data

Avatars Email addresses Geographic locations Names Profile statistics Usernames

What to do based on this breach

Review your public SoundCloud profile and remove or reduce identifying details such as your real name in the name field or personal links

Be cautious with emails that mention your username, follower counts, or tracks, as these details can be used for convincing phishing

Enable two factor authentication on your email and on other accounts using the same address to reduce takeover risk

Consider using a separate email for public creator platforms and update your account details when the service allows it

What can we learn from this breach?

The takeaway is that linking public profile data with private identifiers like email can defeat the separation users expect. Platforms should prevent easy correlation and protect any mechanism that enables mapping profiles to inboxes. Strong monitoring for unusual activity and fast incident response help reduce the exposure window.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Under Armour

16/11/2025 72,742,892 records moderate risk

3 data types in common

Raaga

14/12/2025 10,225,145 records high risk

3 data types in common

← All breaches