December 15, 2025

Drop the bass, not the emails

Article URL →HN comments →

SoundCloud confirms breach after member data stolen, VPN access disrupted

Emails leaked, VPNs blocked, 28M affected — users cry foul and demand answers

TLDR: SoundCloud says a hacker stole user emails and public profile info for about 28 million accounts, then VPN access got blocked. Commenters are split between “change your passwords now” and “this smells deeper,” with jokes and worry about phishing driving the outrage.

SoundCloud says a hacker swiped “limited” data—emails and public profile info—affecting roughly 20% of users (that’s about 28 million). But the community isn’t buying the chill tone. When VPNs (virtual private networks) suddenly got blocked and 403 errors popped up, the mood flipped from lo-fi beats to full-on drama. One user linked the HN thread that kicked off the “did they ban VPNs?” spiral, while others joked, “No VPN, no vibes.”

Security-minded commenters are shouting “rotate your passwords” even though SoundCloud insists no passwords or financial data were touched. The hottest take: blocking VPNs means the breach is deeper than they admit. Another commenter confessed they’re praying old accounts were deleted under GDPR (Europe’s privacy law) — the internet collectively replied: “Same.” Meanwhile, tipsters say the ShinyHunters gang is extorting SoundCloud—the same crew tied to today’s PornHub breach—turning this into a grim double feature.

SoundCloud claims the bad guys are out and defenses are beefed up, but their fix broke VPN access and was followed by denial-of-service attacks that took the site down. The community is split: half call it clumsy damage control, half urge calm and better hygiene. Everyone agrees on one thing: email leaks mean phishing season is officially open.

Key Points

  • SoundCloud confirmed a security breach exposing user email addresses and public profile data, with no passwords or financial data accessed.
  • BleepingComputer reports the breach affects about 20% of SoundCloud’s users, roughly 28 million accounts based on public figures.
  • Incident response included configuration changes that disrupted VPN connectivity, causing 403 errors; no timeline was given for restoration.
  • SoundCloud says it blocked unauthorized access and, with third-party experts, enhanced monitoring, threat detection, and identity/access controls.
  • After the response, SoundCloud faced denial-of-service attacks; attribution remains unconfirmed, though a source alleges ShinyHunters is responsible and extorting the company.

Hottest takes

"Uh oh. I hope they have a nice GDPR compliant deletion policy" — eterm
"The VPN access disruption suggests the breach may be deeper than initially disclosed" — password-app
"What is the relation between blocking VPN and data breach?" — elashri

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.