Cyber Incident Victim: SoundCloud
Date: Dec 2025
Location: Germany
Summary
SoundCloud experienced unauthorized access to an ancillary service dashboard, compromising limited user data including email addresses and publicly visible profile information, though sensitive details like passwords and financial data remained secure. Following containment efforts that removed the attackers, the platform faced distributed denial-of-service attacks causing temporary disruptions to its web version, while some users encountered VPN access issues due to security-related configuration changes implemented during the incident response.
Description
On December 16, 2025, SoundCloud disclosed unauthorized activity within an ancillary service dashboard, prompting activation of incident response protocols. The company engaged third-party cybersecurity experts to investigate, revealing that attackers had accessed limited user data including email addresses and information visible on public profiles. SoundCloud confirmed no exposure of sensitive data such as passwords or financial details. The breach timeline indicated that VPN access issues reported by users in preceding days were unrelated to the initial intrusion but resulted from defensive configuration changes implemented during incident response. Following containment measures that removed threat actors from systems, SoundCloud faced retaliatory distributed denial-of-service (DDoS) attacks targeting its infrastructure. Two of these attacks successfully disrupted the platform’s web version temporarily, though service was restored without prolonged downtime.

The company maintained that attackers had been fully evicted from compromised systems following containment actions. Forensic analysis confirmed the breach scope remained confined to non-sensitive profile data, with no evidence of lateral movement into core payment or authentication systems. Post-incident disruptions extended beyond the DDoS attacks, as VPN-related accessibility problems persisted for some users due to security configuration adjustments. SoundCloud acknowledged these VPN issues as collateral impacts of its defensive measures and stated on December 16 that engineers were actively working to restore normal access. No additional data exfiltration or system compromises occurred after the initial containment, though the company continued monitoring for anomalous activity. Service interruptions were limited to temporary web version outages during the DDoS incidents and ongoing VPN connectivity challenges stemming from security hardening efforts.
