529/68 Wednesday, December 17, 2025
Audio streaming platform SoundCloud has confirmed that recent service disruptions and issues accessing the platform via VPN connections were caused by a data breach, following unauthorized access to and theft of a portion of its user database. The incident aligns with widespread user reports of being unable to access SoundCloud while using VPNs, often encountering HTTP 403 Forbidden error messages.
SoundCloud stated that it detected unauthorized activity involving an ancillary service dashboard and immediately initiated an incident response. The investigation found that attackers gained access to limited user data, but no sensitive information-such as passwords or financial details-was compromised. The affected data includes email addresses and information already visible on public SoundCloud profiles. However, reports suggest that the incident may have impacted approximately 20% of SoundCloud’s user base, or roughly 28 million accounts.
The company confirmed that all unauthorized access has been blocked and that there is no ongoing risk at this time. SoundCloud is working with external cybersecurity experts to strengthen its security posture, including enhanced monitoring and threat detection, privileged access management reviews, and security assessments of related systems. Some of these mitigation measures have temporarily affected VPN connectivity, and SoundCloud has not yet provided a clear timeline for resolution. Additionally, there are reports that the platform has been targeted by Denial-of-Service (DoS) attacks, which SoundCloud continues to monitor and investigate.
