A data breach at SoundCloud that came to light in December 2025 is now becoming clearer. The data breach monitor Have I Been Pwned added the leaked dataset to its database this week, revealing the true extent of the impact.
SoundCloud is a global audio platform where artists and listeners come together and where hundreds of millions of music and audio tracks are hosted.
In mid-December, SoundCloud reported that it had detected unauthorized activity within its infrastructure. This happened after users encountered problems logging in and received error messages. The company then stated that the incident was related to a support service and that no sensitive data such as passwords or payment information had been compromised. Communication about the number of accounts affected remained limited.
That uncertainty has now largely disappeared, according to an article by BleepingComputer. Have I Been Pwned has determined that data from approximately 29.8 million accounts appear in the leaked file. This includes email addresses in combination with profile information such as usernames, names, avatars, follower counts, and in some cases, the user’s country. Although some of this information was publicly visible, the link to email addresses makes the dataset attractive for misuse.
Its inclusion in Have I Been Pwned has made the data breach publicly verifiable. Users can check whether their email address is part of the leaked data, something that was not possible before. The same applies to security researchers and organizations: the extent of the breach has now been concretely established.
ShinyHunters carried out the attack
In the background, the attack is attributed to ShinyHunters, which focuses on extortion. SoundCloud previously confirmed that attackers were trying to exert pressure, including through large-scale email campaigns targeting users and employees. According to BleepingComputer, no details about any negotiations or further consequences have been shared.