Overview
- Roughly 29.8 million accounts—about one fifth of SoundCloud's active users—had emails, names, usernames, locations and profile metadata taken.
- The hacker group ShinyHunters claimed responsibility, attempted to extort the company, then posted the dataset after demands were rebuffed.
- SoundCloud says passwords and payment information were not compromised, but the compiled data increases the usefulness of targeted scams.
- The leak is now indexed by Have I Been Pwned, enabling users to check whether their email addresses appear in the dataset.
- Security guidance urges vigilance for phishing and harassment emails, along with enabling two-factor authentication and using a password manager.