
SoundCloud Breach

ShinyHunters, a cybercrime group known for extortion attacks against Microsoft, Ticketmaster, Jaguar Land Rover, and others, has been identified as a potential threat to strike again.


Previous SoundCloud Breach

This isn’t the first time SoundCloud has suffered a data breach. In December of 2025, SoundCloud was a victim of ShinyHunters due to an exposed management service dashboard. It’s unclear whether the group gained access through compromised credentials or other means of entry. This breach led to DDoS attacks that impacted the user experience. It also led to the threat actors stealing over 28M accounts.


About The 2026 Breach

SoundCloud has not officially confirmed how the breach occurred. However, based on posts from breach forums linked to ShinyHunters and intelligence from multiple cyber researchers, the evidence points toward a familiar tactic used by this group: vishing. This has resulted in 28+ million accounts being impacted, with personal information stolen. The details of what this personal information includes have not been publicly disclosed.


It is widely alleged that the attackers leveraged vishing to compromise Okta accounts, socially engineer victims, and bypass MFA to gain unauthorized access. Okta has since issued communications warning customers about this wave of social engineering attacks, specifically calling out fraudulent phone calls where attackers pose as service desk technicians or employees requesting MFA assistance.


Awareness and Prevention


  1. Verify Before You Comply

    No service desk will ever ask for your MFA code over the phone. If someone pressures you to “approve” a login or reset access, hang up and report it. Threat actors thrive on urgency and emotions.


  2. Caller ID Lies, Procedures Don’t

    Spoofed numbers are cheap. Follow official support workflows and call back through known internal channels. If it is real, they will not mind the extra verification. If it is fake, you just dodged a breach.


  3. MFA Fatigue Is an Attack Vector

    Repeated push requests or “help desk” calls are a red flag, not an inconvenience. Deny, document, and alert security immediately.


  4. Enable MFA Security Alerts

    The majority of MFA vendors have out-of-the-box alerting. Ensure this is being monitored and properly managed.


  5. Remind Your Business to Report

    Ensure internal escalation procedures to security are easy to find and follow. If you are a victim of a cyber breach, especially one involving ransomware, ensure you report it in a timely manner. You can check your local or federal governing laws by visiting your government’s website.
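
The kind of alert items 3 and 4 describe can be sketched as detection logic over MFA push events. This is an added example, not code from any MFA vendor or from this article's sources; the event tuples, field names, threshold and window are constructed assumptions, not a real log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): (timestamp, user, push outcome)
SAMPLE_EVENTS = [
    ("2026-01-10T09:00:05", "alice", "approved"),   # normal single login
    ("2026-01-10T14:01:00", "bob", "denied"),
    ("2026-01-10T14:01:40", "bob", "denied"),
    ("2026-01-10T14:02:15", "bob", "timeout"),
    ("2026-01-10T14:03:30", "bob", "approved"),     # approval right after a burst
    ("2026-01-10T16:20:00", "carol", "denied"),
    ("2026-01-10T18:45:00", "carol", "approved"),   # hours later, unrelated
]

def detect_push_fatigue(events, threshold=3, window=timedelta(minutes=5)):
    """Flag users who receive `threshold` unapproved pushes inside `window`.

    "medium": the burst itself (repeated denied or timed-out pushes).
    "high":   an approval arrives while the burst is still inside the window,
              which may mean the user gave in and the session needs review.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent unapproved pushes
    alerts = []
    for ts_raw, user, outcome in sorted(events):  # ISO strings sort by time
        ts = datetime.fromisoformat(ts_raw)
        burst = recent[user]
        while burst and ts - burst[0] > window:   # drop pushes older than window
            burst.popleft()
        if outcome in ("denied", "timeout"):
            burst.append(ts)
            if len(burst) == threshold:           # alert once per burst
                alerts.append({"user": user, "time": ts_raw, "severity": "medium",
                               "reason": "repeated unapproved MFA pushes"})
        elif outcome == "approved":
            if len(burst) >= threshold:
                alerts.append({"user": user, "time": ts_raw, "severity": "high",
                               "reason": "approval immediately after push burst"})
            burst.clear()                         # approval ends the burst
    return alerts

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The "high" case is the one worth paging on: it pairs the fatigue pattern with a successful approval, so the follow-up is to confirm with the user through a known internal channel and revoke the session if they did not initiate the login.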

 
 
 
