In the last few days there has been a lot going on at SoundCloud and not only musically. The streaming service has officially confirmed: There was a massive security incident in which hackers came across user data.
The attack: What SoundCloud says
According to SoundCloud, Unauthorised activity discovered on an ancillary service dashboard. Immediately, the incident response team was activated, activities were curbed, and external cybersecurity experts were called in.
After the containment, it came to Denial-of-service (DoS) attacks, which have at times severely affected the web availability of SoundCloud. The good news: SoundCloud emphasizes that the problem fixed is and No running risk There is more for the platform or the users.
Short & short:
| What happened | Hacker attack on SoundCloud: Unauthorized activity on an internal dashboard, followed by DoS attacks. |
|---|---|
| What is Affected | E-mail addresses and public profile information of around 20 % the user (approximately 28 million accounts). |
| What is not affected | Passwords, payment or other sensitive data are secure, according to SoundCloud. |
| The consequences | Outages, web availability temporarily restricted, VPN connections partially blocked. |
| background | Evidence points to hacker group ShinyHunters SoundCloud is reportedly blackmailing. |
| What you can do | Change password, watch out for phishing, enable two-factor login, create backups. |
What data is affected?
SoundCloud refers to ‘certain limited data’, i.e. limited data accessed by a group of hackers. Specifically, these are:
- E-mail addresses
- Information already visible on public SoundCloud profiles (e.g. usernames, profile pictures, public statistics)
According to SoundCloud, No sensitive data such as passwords, payment details or credit card information! This is an important detail that defuses the situation (something).
According to BleepingComputer, the incident around 20 % the SoundCloud Users, With a user base of about 140 million registered accounts, 28 million accounts corresponding.
Who's behind it?
SoundCloud itself does not name the attackers, but BleepingComputer reports that an indication suggests that the known Hacker group ShinyHunters behind the attack.
ShinyHunters is a so-called ‘extortion gang’ that has attacked and blackmailed several major platforms in the past. Also the Current Data Leak Incident at Pornhub It is attributed to this group.
After these hints, ShinyHunters SoundCloud should now blackmailing, after they have stolen a database of user information.
Why were there problems with VPNs?
Many users have reported in recent days that they have been unable to access SoundCloud via VPNs, or have been unable to do so at all; often with a ‘403 Forbidden’ error message.
SoundCloud explains that these problems are caused by Configuration changes in the course of security measures have arisen. The platform has hardened its systems to prevent further attacks, apparently restricting access via certain VPNs.
So far there are No fixed schedule, When VPN access will be fully restored, but SoundCloud is working to fix the issues.
What SoundCloud does now
To prevent similar incidents in the future, SoundCloud, together with external security experts, has taken the following steps:
- Improved Monitoring and threat detection
- Review and strengthening of Identity and access controls
- Comprehensive Testing of related systems
In addition, SoundCloud promises to continue to treat the privacy and security of users, employees and partners as a top priority and to provide transparent information on new findings.
What you can do now
Even though SoundCloud emphasizes that no passwords or payment data are affected, caution is better than indulgence. Here are some practical tips for you:
- Change your SoundCloud password Do not use the same password for other important services.
- Watch out for phishing emails Hackers could now try to get more data via fake emails.
- Enable two-factor authentication (2FA) as soon as it is available.
- Secure your tracks locally or in another cloud A backup can save a lot of trouble in an emergency.
A wake-up call for the music community
This attack does not affect just one company; no this meets an entire community where creativity and passion meet. For many artists, DJs and listeners, SoundCloud is more than just a streaming service: It is a stage, a place of discovery, a home for music.
When a platform like SoundCloud wobbles, a piece of network culture wobbles along. Maybe this is also an opportunity: A reminder that data security is not a marginal issue, but just as important as the beat of your next track.
EN 
DE 
ES 
FR 
IT