Audio streaming platform SoundCloud has confirmed that outages and VPN connection points over the previous few days have been brought on by a safety breach during which risk actors stole a database exposing customers’ e-mail addresses and profile data.
The disclosure follows widespread experiences over the previous 4 days from customers who have been unable to entry SoundCloud when connecting through VPN, with makes an attempt ensuing within the web site displaying 403 “forbidden” errors.
In an announcement shared with BleepingComputer, SoundCloud stated it just lately detected unauthorized exercise involving an ancillary service dashboard and activated its incident response procedures.
SoundCloud acknowledged {that a} risk actor accessed a few of its information however stated the publicity was restricted in scope.
“We perceive {that a} purported risk actor group accessed sure restricted information that we maintain,” SoundCloud instructed BleepingComputer.
“We have now accomplished an investigation into the info that was impacted, and no delicate information (equivalent to monetary or password information) has been accessed. The info concerned consisted solely of e-mail addresses and data already seen on public SoundCloud profiles.”
BleepingComputer has discovered that the breach impacts 20% of SoundCloud’s customers, which, primarily based on publicly reported consumer figures, may influence roughly 28 million accounts.
The corporate stated it’s assured that every one unauthorized entry to SoundCloud programs has been blocked and that there isn’t a ongoing danger to the platform.
Working with third-party cybersecurity consultants, the corporate stated it took extra steps to strengthen its safety, together with bettering monitoring and risk detection, reviewing id and entry controls, and conducting an evaluation of associated programs.
Nonetheless, the corporate’s response included a configuration change that disrupted VPN connectivity to the location. SoundCloud has not offered a timeline for when VPN entry can be totally restored.
Following the response, SoundCloud skilled denial-of-service assaults that briefly disabled the platform’s internet availability.
After publishing our story, SoundCloud revealed a safety discover with this data.
Whereas SoundCloud has not shared particulars in regards to the risk actor behind the breach, BleepingComputer obtained a tip earlier at the moment stating that the ShinyHunters extortion gang was accountable.
Our supply stated that ShinyHunters is now extorting SoundCloud after allegedly stealing a database containing details about its customers.
ShinyHunters can also be answerable for the PornHub information breach that was first reported at the moment by BleepingComputer.
This can be a growing story, and we are going to replace it as extra data turns into obtainable.
Damaged IAM is not simply an IT downside – the influence ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM seems to be like, and a easy guidelines for constructing a scalable technique.
