SoundCloud Hack: 30 Million Accounts Affected, Data Now in HIBP Database

Personal data of millions of users has been leaked from the online music service SoundCloud. The Have I Been Pwned project (HIBP) has now added the hack to its database. The service can be used to check if your own email address appears in data leaks.

Leaked User Data

As revealed in a current HIBP post, 29.8 million accounts are affected by the IT security incident from December of last year. Attackers copied publicly accessible account data of users on a large scale. Payment data and passwords are not said to be included. The copied data includes:

• Avatars
• Email address
• Geographic locations
• Names
• Usernames
• Profile statistics

In a statement, SoundCloud states that the copied data affects around 20 percent of users. The online music service explains that the attackers targeted a dashboard for additional services. Further details about the attack are not yet known.

In the statement updated on January 13, SoundCloud states that the criminals are already sending extortionate emails to employees and users of the service. Accordingly, SoundCloud users should currently evaluate emails very critically. After all, attackers can use the data to craft phishing emails to extract valuable data from victims. Such messages should be deleted immediately and under no circumstances should links be clicked or file attachments opened.

As a rule, criminals extort attacked companies and threaten to leak the stolen data. It is currently unknown whether ransom was paid in this case. The archive with the SoundCloud user data was already offered for download by the alleged attackers from ShinyHunters on their leak site.

(des)