- SoundCloud confirms unauthorized system access and data breach
- About 20% of its users saw their emails and public information trapped.
- Sources claim the attack was carried out by ShinyHunters
SoundCloud has confirmed that it suffered a cyberattack in which it lost sensitive data of approximately a fifth of its user base.
In a data breach notification posted on its website, SoundCloud said it “recently” detected unauthorized activity on an ancillary services panel.
A subsequent investigation found that a “group of threat actors” accessed certain data, mostly including user emails and information that would otherwise be visible on public SoundCloud profiles. The company said the breach affected approximately 20% of its users, which multiple sources say equates to approximately 28 million users.
VPN problems
“We understand that some limited data we have was accessed by a suspected group of threat actors,” the company said.
“We have completed an investigation into the data that was affected and no sensitive data (such as financial or password data) has been accessed. The data involved consisted solely of email addresses and information already visible on public SoundCloud profiles and affected approximately 20% of SoundCloud users.”
SoundCloud also hired a third-party cybersecurity company to help with analysis and containment and said that after the threat was removed, the attackers engaged in multiple denial-of-service attacks. Two of them managed to temporarily disable the availability of SoundCloud on the web.
There were also issues for users accessing the platform via VPN. How he explains it CyberInsiderSoundCloud can be accessed worldwide, but faces restrictions in certain regions, so VPN is essential for some users.
Those users were seeing ‘ERROR 403: The request could not be satisfied’ messages when trying to connect this way. At first, users believed this was due to geo-blocking or changes to IP filtering, but it was later explained that it was due to security tightening measures SoundCloud implemented after the breach.
Although not explained in detail, it is possible that the changes changed filtering rules or Web Application Firewall (WAF) policies. SoundCloud said it was currently working to fix this issue.
The company did not name the threat actors behind this attack, but media reports that it was the work of ShinyHunters, a ransomware group known for avoiding the encryption part and focusing solely on data exfiltration. The group is now reportedly negotiating a ransom payment with SoundCloud, but this information was not publicly confirmed.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
