Audio streaming platform SoundCloud has confirmed that outages and VPN connection points over the previous few days had been attributable to a security breach wherein menace actors stole a database containing person data.
The disclosure follows widespread stories over the previous 4 days from customers who had been unable to entry SoundCloud when connecting through VPN, with makes an attempt ensuing within the website displaying 403 “forbidden” errors.
In an announcement shared with BleepingComputer, SoundCloud mentioned it not too long ago detected unauthorized exercise involving an ancillary service dashboard and activated its incident response procedures.
SoundCloud acknowledged {that a} menace actor accessed a few of its knowledge however mentioned the publicity was restricted in scope.
“We perceive {that a} purported menace actor group accessed sure restricted knowledge that we maintain,” SoundCloud instructed BleepingComputer.
“Now we have accomplished an investigation into the info that was impacted, and no delicate knowledge (akin to monetary or password knowledge) has been accessed. The info concerned consisted solely of e-mail addresses and knowledge already seen on public SoundCloud profiles.”
BleepingComputer has realized that the breach impacts 20% of SoundCloud’s customers, which, primarily based on publicly reported person figures, might impression roughly 28 million accounts.
The corporate mentioned it’s assured that each one unauthorized entry to SoundCloud programs has been blocked and that there isn’t any ongoing danger to the platform.
Working with third-party cybersecurity consultants, the corporate mentioned it took extra steps to strengthen its security, together with enhancing monitoring and menace detection, reviewing identification and entry controls, and conducting an evaluation of associated programs.
Nonetheless, the corporate’s response included a configuration change that disrupted VPN connectivity to the positioning. SoundCloud has not offered a timeline for when VPN entry might be totally restored.
Following the response, SoundCloud skilled denial-of-service assaults that briefly disabled the platform’s net availability.
Whereas SoundCloud has not shared particulars concerning the menace actor behind the breach, BleepingComputer acquired a tip earlier immediately stating that the ShinyHunters extortion gang was accountable.
Our supply mentioned that ShinyHunters is now extorting SoundCloud after allegedly stealing a database containing details about its customers.
ShinyHunters can be answerable for the PornHub data breach that was first reported immediately by BleepingComputer.
This can be a growing story, and we are going to replace it as extra data turns into accessible.
Damaged IAM is not simply an IT drawback – the impression ripples throughout your entire enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with trendy calls for, examples of what “good” IAM appears to be like like, and a easy guidelines for constructing a scalable technique.
