Jan 28, 2026
SoundCloud Breach Exposes 29.8 Million Emails to Hackers
The ShinyHunters extortion gang has leaked over 30 million records from the audio streaming platform, including email addresses and personal profile data.
What Was Stolen
Have I Been Pwned, the breach notification service, confirmed that 29.8 million SoundCloud accounts were compromised, affecting approximately 20% of the platform's user base. The stolen data includes:
- Email addresses (30 million unique)
- Usernames
- Full names
- Geographic locations
- Profile avatars
- Follower and following counts
SoundCloud has stated that no passwords or financial data were accessed. However, the combination of email addresses with profile information gives attackers everything they need to craft convincing phishing campaigns.
Who Is Behind It
The ShinyHunters extortion gang claimed responsibility for the breach. This group has operated since around 2020 and has built a reputation for large-scale data theft followed by extortion demands. If victims don't pay, the stolen data gets published or sold.
SoundCloud first discovered unauthorized activity in December 2025. By January 15, 2026, the company disclosed that attackers had attempted extortion and launched email harassment campaigns against users. On January 27, the full scope of the breach became public when Have I Been Pwned added the dataset to its database.
ShinyHunters is also connected to a broader wave of attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google. However, the group indicated that the SoundCloud breach did not originate from compromised Okta credentials.
Part of a Larger Campaign
SoundCloud wasn't the only target. On the same day the breach was published, ShinyHunters also leaked data allegedly stolen from Crunchbase, the market intelligence platform, and Betterment, the financial technology firm.
The group typically relies on compromised credentials, social engineering, and weak identity controls to gain initial access. Once inside, they exfiltrate data and then contact victims with ransom demands. Organizations that refuse to pay see their data published on hacking forums.
This pattern means the SoundCloud data is now freely available to anyone who knows where to look, including scammers, spammers, and identity thieves.
What This Means for Your Inbox
Thirty million email addresses in the hands of criminals is a phishing goldmine. Attackers now have:
- Confirmed active emails. These aren't scraped or guessed addresses. They're verified accounts tied to real users.
- Personal context. Knowing someone's name, username, and location makes phishing emails dramatically more convincing.
- Platform targeting data. Attackers know these users engage with SoundCloud, enabling highly specific impersonation campaigns.
Expect to see phishing emails that appear to come from SoundCloud, warning about account issues, subscription changes, or security alerts. These messages will direct victims to fake login pages designed to steal passwords.
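A mail-triage check for the impersonation emails described above, as an added example that is not part of the original article: it flags messages that invoke the SoundCloud name while the sender domain, DMARC result, or link hosts do not line up. The trusted-domain set, the function names, and both sample messages are assumptions constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: only soundcloud.com is treated as legitimate here; extend the
# set with sender and link domains you have verified in your own mail.
TRUSTED = {"soundcloud.com"}
BRAND = "soundcloud"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def body_text(msg):
    # Join every text/* part, undoing base64 / quoted-printable encoding.
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                     for p in parts)

def triage(raw):
    """Return the reasons a message invoking the brand looks spoofed."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    claimed = BRAND in f"{display} {msg.get('Subject', '')}".lower()
    if not (claimed or is_trusted(sender)):
        return []  # message does not invoke the brand at all
    reasons = []
    if not is_trusted(sender):
        reasons.append(f"sender domain {sender} is not trusted")
    elif "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        reasons.append("trusted From domain without dmarc=pass")
    hosts = {urlsplit(u).hostname or "" for u in URL_RE.findall(body_text(msg))}
    for host in sorted(h for h in hosts if not is_trusted(h)):
        kind = "lookalike" if BRAND in host else "off-brand"
        reasons.append(f"{kind} link host {host}")
    return reasons

# Constructed sample messages for the demonstration (not real captures).
SPOOFED = ("From: SoundCloud Security <alerts@soundcloud-support.example>\n"
           "Subject: Unusual sign-in to your account\n\n"
           "Confirm your password at https://soundcloud.com.login-check.example/signin\n")
LEGIT = ("From: SoundCloud <no-reply@soundcloud.com>\n"
         "Authentication-Results: mx.recipient.example; dmarc=pass header.from=soundcloud.com\n"
         "Subject: Your weekly stats\n\n"
         "See https://soundcloud.com/you/stats\n")

print(triage(SPOOFED), triage(LEGIT))
```

The DMARC check is only meaningful when the Authentication-Results header was written by your own receiving mail server and inbound copies of that header are stripped at the border.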
How to Protect Yourself
If you have a SoundCloud account, assume your email address was exposed. Take these steps:
- Check Have I Been Pwned. Visit haveibeenpwned.com and search for your email address to confirm whether you're affected.
- Change your SoundCloud password. Even though passwords weren't included in this breach, changing it prevents access if credentials were stolen through other means.
- Enable two-factor authentication. If SoundCloud offers 2FA, enable it. This adds a second layer of protection even if your password is compromised.
- Watch for phishing emails. Be extremely skeptical of any email claiming to be from SoundCloud, especially messages about account problems or security concerns. Verify by logging in directly through the SoundCloud website, never through links in emails.
- Check if you reused that password. If you used the same password on SoundCloud as other services, change those passwords immediately. Credential stuffing attacks, where hackers try stolen passwords on multiple platforms, are extremely common after breaches.
The Extortion Economy
SoundCloud is just the latest example of a growing trend: data theft without ransomware encryption. ShinyHunters and similar groups have discovered that simply stealing data and threatening to publish it is often more profitable than locking systems.
For companies, paying ransom doesn't guarantee anything. The data may already be copied, sold, or shared with other criminal groups. For users, the stolen information enters a permanent underground economy where it gets recycled indefinitely.
Your SoundCloud email address may surface in phishing campaigns, spam lists, and social engineering attacks for years to come. The breach is over, but the consequences are just beginning.
Looking Ahead
This breach joins a growing list of music and entertainment platforms that have been compromised. User databases containing email addresses are valuable precisely because they enable targeted attacks.
Every service you sign up for adds your email to another potential target. When breaches happen, that email becomes ammunition for scammers. The best defense is vigilance: unique passwords for every service, two-factor authentication wherever possible, and skepticism toward any unexpected email, no matter how legitimate it appears.
Your inbox is the gateway to your digital life. Treat every message from a recently breached service as potentially hostile.