We are committed to communicating transparently with our community. Out of that commitment, we are reaching out to SoundCloud users and partners to make them aware of an incident that SoundCloud has identified and addressed. The issue has been resolved, and there is no ongoing risk to the security or availability of the platform. Additional details on what happened and what we are doing, are outlined below.

What Happened

SoundCloud recently detected unauthorized activity in an ancillary service dashboard. Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response. Following the containment, SoundCloud experienced denial of service attacks, two of which were able to temporarily disable our platform's availability on the web only. 

We understand that a purported threat actor group accessed certain limited data that we hold. We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users.

We are confident that any access to SoundCloud data has been curtailed. ‍

How We Responded

Working with independent cybersecurity experts, we have taken immediate steps to further strengthen our systems, including: enhancing our monitoring and threat-detection, reviewing and reinforcing identity and access controls and conducting a comprehensive audit of related systems. As part of these updates, some configuration changes have caused some users on VPNs to experience temporary connectivity issues. We are actively working to resolve these VPN related access issues.

What You Can Expect Next

Protecting the privacy and security of our users, employees and partners remains our highest priority. We’ll continue to share updates as we learn more and are committed to keeping you informed. We’re taking steps to reduce the risk of similar issues in the future.

As always, we recommend our users to follow general best online security practices, remain vigilant and be aware of phishing attempts.