SoundCloud Data Leak Exposed 29.8 Million Accounts, And Emails Alone Are Enough for Scammers

Nearly 30 million SoundCloud users had their accounts tied to a security incident discovered in December 2025, and the fallout isn’t about stolen passwords or credit card numbers.

Instead, attackers allegedly linked private email addresses to public-facing SoundCloud profiles, creating a ready-made hit list for targeted phishing, impersonation, and extortion attempts. If you’ve ever posted music, promoted a project, or built a following on the platform, that connection can be all a scammer needs to sound convincing.

SoundCloud has said the exposed information did not include passwords, payment data, or private content. But cybersecurity experts warn that pairing an email with a creator identity, username, avatar, follower counts, can supercharge scams designed to trick people into handing over their login credentials.

SoundCloud says 29.8 million accounts were affected

SoundCloud confirmed that 29.8 million accounts were implicated in the incident, detected in mid-December 2025. That’s a sizable chunk of the platform’s user base, about 20% based on the figures cited in reports.

Some users reported login problems and error messages around the same time. That kind of disruption can happen when security teams lock down internal systems, reset sessions, or tighten access rules after spotting suspicious activity.

The key detail: the data involved wasn’t the usual jackpot, no passwords, no banking information. What was exposed, according to published accounts of the incident, were email addresses linked to profile details such as display names, usernames, avatars, follower/following counts, profile stats, and sometimes a country field.

On its own, a SoundCloud profile can be public while the email stays hidden. The leak allegedly bridged that gap at scale, meaning scammers no longer have to guess which email belongs to which creator.

How an internal dashboard allegedly helped attackers connect emails to public profiles

Reports describe an unauthorized intrusion into an internal administrative dashboard, an interface typically reserved for moderation, customer support, or backend management. Once inside, attackers could allegedly “map” email addresses to profiles that were already visible to the public.

This wasn’t described as malware on users’ devices. The intrusion appears to have been aimed at SoundCloud’s infrastructure, potentially involving compromised credentials, what security professionals often call “valid accounts”, or weak protections around internal access and APIs.

At that point, the biggest risk becomes mass extraction. Large-scale scraping tends to leave telltale signs: repeated failed logins, successful access from unusual locations, and abnormal request volumes. For a dataset approaching 30 million accounts, the collection would have required a deliberate, organized effort.

Even without passwords, a clean list of real emails tied to real identities can fuel attacks elsewhere. People reuse emails across services, and scammers can use SoundCloud-specific details to make phishing messages feel personal, and therefore believable.

ShinyHunters is linked to the leak and alleged extortion

The incident has been attributed in reporting to ShinyHunters, a hacking group known for data-theft operations and extortion. The playbook is familiar: steal data, pressure the company, threaten to publish, then dump the material if negotiations fail, or if public damage is the point.

In this case, the timeline described in reports points to an attempted extortion followed by the data being posted online in January 2026.

That lag matters. Data often circulates privately before it hits public forums, and that’s when targeted scam campaigns can ramp up, before most users even realize they’re at risk. Once a dataset becomes widely available, copycat scammers pile in.

One tactic mentioned in connection with the leak: “email flooding,” where attackers bombard inboxes with messages to bury a real warning, or to push victims into clicking a fake “unsubscribe” link that leads to a phishing page.

Why “no passwords were stolen” doesn’t mean you’re safe

Hearing that passwords weren’t exposed can create a false sense of security. The bigger threat here is targeted phishing: an email is a universal identifier, and profile details provide the personalization that makes scams work.

A generic “your account is locked” email is easier to spot. A message that uses your exact SoundCloud handle, references your follower count, and includes your avatar, or claims to, can look like it came from SoundCloud support, a label, a promoter, or a brand.

Common lures include “account reactivation,” “suspicious activity,” or copyright/monetization warnings, especially effective against creators who worry about takedowns or lost reach. The goal is simple: get you to click a link, land on a fake login page, and type in your credentials.

The leak can also enable impersonation. If someone knows your email and your creator identity, they can pose as you to collaborators, brands, or other artists, turning a privacy breach into a reputational and financial risk.

What SoundCloud users can do right now

Start by checking whether your email appears in known breach datasets using a reputable notification service like Have I Been Pwned. The point isn’t to panic, it’s to understand whether you should expect more targeted, more convincing messages.

Next, lock down your account. Even if SoundCloud says passwords weren’t exposed, changing your SoundCloud password is still smart, especially if you’ve reused it elsewhere. Turn on two-factor authentication if it’s available for your account, and review active sessions.

Be ruthless about links. If you get an urgent email claiming to be SoundCloud, don’t click through. Open the app or type the URL yourself. That one habit breaks a huge percentage of phishing attempts.

Finally, reduce what scammers can connect. The less your email, usernames, and social accounts line up publicly, the harder it is to build a convincing con. For creators who use SoundCloud as a portfolio, that extra friction can be the difference between a close call and a takeover.