SoundCloud has confirmed that a significant data breach first detected in December 2025 affected approximately 29.8 million user accounts. New verification of the leaked data clarifies the scope of the incident and highlights the practical risks for users of the music and audio platform. The breach did not involve a direct break-in to SoundCloud’s main user database. Instead, attackers gained unauthorized access to an internal system and used it to connect private email addresses with public profile information. This allowed them to build a large dataset linking user identities and contact details at scale.

What Information Was Exposed

The compromised dataset includes email addresses that were not previously visible to the public, usernames and display names, profile avatars and public statistics, follower and following counts, and, in some cases, general location data. SoundCloud has indicated that passwords, payment information, and private messages were not accessed.

How the Incident Happened

The breach stemmed from unauthorized access to an internal dashboard used by company staff. Once inside, attackers were able to extract user-related data without needing to break encryption or steal login credentials. The issue was discovered in December, after which SoundCloud began containment and investigation efforts. After attempting to pressure the company, the attackers later released the compiled data online. The total number of affected accounts has now been confirmed at nearly 30 million.

What This Means for You

If you have ever had a SoundCloud account, your information could be included. The breach covered a large portion of users, including older and inactive accounts. There is no indication that SoundCloud passwords or financial data were exposed, which lowers the chance of direct account takeover on SoundCloud itself. However, your email address is tied to many of your online accounts. When attackers know your email along with your username and profile details, they can craft convincing phishing emails that appear legitimate. This can also affect other services you use, especially if you reuse passwords. Attackers often test exposed email addresses across other platforms to see where credentials might match. Artists, podcasters, and other creators may face increased impersonation and scam attempts because public visibility makes their profiles more attractive for social engineering. Be cautious of emails about account problems you did not initiate, messages urging urgent login or payment, password reset notices you did not request, and unexpected collaboration or sponsorship offers.

What Users Should Do Now

Use strong, unique passwords for important accounts and enable two-factor authentication wherever possible. Do not click login links in unexpected emails and stay alert for suspicious messages that use your name or profile details.

The post SoundCloud Data Breach: Nearly 30 Million Accounts Confirmed Exposed appeared first on Centraleyes.

*** This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/soundcloud-data-breach-nearly-30-million-accounts-confirmed-exposed/