Audio streaming platform SoundCloud has confirmed that outages and VPN connection points over the previous few days have been attributable to a safety breach through which menace actors stole a database exposing customers’ electronic mail addresses and profile info.
The disclosure follows widespread experiences over the previous 4 days from customers who have been unable to entry SoundCloud when connecting through VPN, with makes an attempt ensuing within the website displaying 403 “forbidden” errors.
In a press release shared with BleepingComputer, SoundCloud stated it just lately detected unauthorized exercise involving an ancillary service dashboard and activated its incident response procedures.
SoundCloud acknowledged {that a} menace actor accessed a few of its information however stated the publicity was restricted in scope.
“We perceive {that a} purported menace actor group accessed sure restricted information that we maintain,” SoundCloud instructed BleepingComputer.
“We have now accomplished an investigation into the info that was impacted, and no delicate information (corresponding to monetary or password information) has been accessed. The info concerned consisted solely of electronic mail addresses and data already seen on public SoundCloud profiles.”
BleepingComputer has realized that the breach impacts 20% of SoundCloud’s customers, which, based mostly on publicly reported person figures, may impression roughly 28 million accounts.
The corporate stated it’s assured that every one unauthorized entry to SoundCloud techniques has been blocked and that there isn’t any ongoing threat to the platform.
Working with third-party cybersecurity specialists, the corporate stated it took further steps to strengthen its safety, together with enhancing monitoring and menace detection, reviewing id and entry controls, and conducting an evaluation of associated techniques.
Nonetheless, the corporate’s response included a configuration change that disrupted VPN connectivity to the positioning. SoundCloud has not supplied a timeline for when VPN entry will probably be absolutely restored.
Following the response, SoundCloud skilled denial-of-service assaults that quickly disabled the platform’s internet availability.
After publishing our story, SoundCloud printed a safety discover with this info.
Whereas SoundCloud has not shared particulars concerning the menace actor behind the breach, BleepingComputer acquired a tip earlier at this time stating that the ShinyHunters extortion gang was accountable.
Our supply stated that ShinyHunters is now extorting SoundCloud after allegedly stealing a database containing details about its customers.
ShinyHunters can also be accountable for the PornHub information breach that was first reported at this time by BleepingComputer.
It is a growing story, and we are going to replace it as extra info turns into out there.
Damaged IAM is not simply an IT drawback – the impression ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM appears like, and a easy guidelines for constructing a scalable technique.
