SoundCloud, the prominent audio streaming platform, disclosed on Monday that it has experienced a security breach, resulting in unauthorized access to limited user data. This incident comes on the heels of recent service disruptions that particularly impacted users accessing the platform via VPNs.
Compromise of User Data
The company confirmed that the breach was detected in the dashboard of an internal ancillary service that forms part of its supporting infrastructure. In response, SoundCloud promptly restricted access to this system and enlisted a respected third-party cybersecurity firm to aid in the investigation and remediation process.
Reports indicate that the breach may have impacted around 20% of the user base, which could translate to millions of accounts, given SoundCloud’s extensive global reach of approximately 28 million users. The information that may have been accessed includes user email addresses and details already visible on public profiles. Importantly, SoundCloud reassured its users that no sensitive financial data, passwords, or payment information was compromised. The company expressed its confidence in having halted all unauthorized access to its systems.
In an official statement, SoundCloud detailed the breach as follows: “We recently detected unauthorized activity in an ancillary service dashboard. Upon this discovery, we activated our incident response protocols and managed to contain the activity swiftly.” According to sources, including Bleeping Computer, the cyber extortion group known as ShinyHunters is allegedly behind the attack. While SoundCloud refrains from naming the attackers, it refers to them as a “purported threat actor group.” Media reports suggest that ShinyHunters is pressuring the platform for payment to prevent the leaking of the accessed data.
SoundCloud reassured affected users, stating, “We understand that a purported threat actor group accessed certain limited data that we hold. Our investigation confirmed that no sensitive data, such as financial or password-related information, has been accessed.”
Service Disruptions and Subsequent Attacks
In the lead-up to the public disclosure of the breach, numerous users, particularly in regions like Russia, China, and Turkey—where the service is often blocked and necessitates VPN access—reported experiencing connection issues and encountering “403 Error” messages.
SoundCloud clarified that these connectivity problems were an unintended side effect of its immediate security measures, which included deploying new access-control configurations to harden the platform. The company is actively working on adjustments to restore normal access for all users.
Following the initial containment of the breach, SoundCloud faced several denial-of-service (DoS) attacks aimed at overwhelming its systems with traffic and rendering them temporarily inaccessible to legitimate users. The platform confirmed that two of these attacks caused short-lived disruptions of web access, although the app remained operational. The company has advised users to remain vigilant against phishing attempts, which often follow data breaches because exposed email addresses give attackers a ready list of targets. Changing passwords and enabling two-factor authentication are also recommended to bolster account security.
In light of this breach, it is crucial for business owners to understand the tactics that could have been leveraged in an attack of this kind, as catalogued in the MITRE ATT&CK framework. These are possibilities rather than confirmed details of this incident: initial access may be achieved through exploitation of a vulnerability or through phishing, followed by persistence through implanted backdoors, and then privilege escalation that gives the attackers greater control over the compromised environment. Staying informed about these tactics helps organizations fortify their defenses against future threats.