SoundCloud has confirmed that the problems with service disruption and user data access through VPN that have been experienced by users over the past days have resulted from a breach in its security.
For almost four days, users trying to connect to SoundCloud via their VPN links encountered difficulties, with some showing 403 "Forbidden" error messages. It was, however, confirmed that these problems were related to the company defending itself against illegal access to its networks.
In a statement provided to Bleeping Computer, SoundCloud acknowledged that it recently noticed some malicious activity relating to the ancillary service dashboard and consequently triggered its incident response plan.
“The threat actor was able to obtain access to a very limited amount of data,” SoundCloud explained. Although sensitive information was at risk, SoundCloud assured that "no highly sensitive information" had been accessed.
“We are aware that a supposed threat group was able to gain access to some limited data that we possess,” said SoundCloud. “No sensitive information like passwords or financial info was accessed. 'The data that was affected had only email addresses and publicly available info on SoundCloud profiles,' a spokesperson for the music platform explained.”
However, according to sources speaking with BleepingComputer, it seems that this breach may not be the isolated incident that it appears. This incident is also believed to affect about 20% of SoundCloud’s total users, which could see information relating to 28 million accounts potentially exposed due to publicly available figures.
According to a report by SoundCloud, "As a precautionary measure and in line with industry standards, we have temporarily suspended services to prevent further unauthorized access. We have now secured the site and at no point was there a risk to the service." It was further added that the company has been working with third-party cyber-security specialists.
Amongst the changes made during the response to secure settings, there had been one with unforeseen repercussions. The tweak affected the ability to connect to SoundCloud through VPNs, thus restricting access to those services. The company has yet to issue a schedule for restoring full access to all VPN services.
Adding to this, the SoundCloud platform was also subjected to denial-of-service attacks that took the platform down after this breach.
After Bleeping Computer published an initial report, a public security announcement from SoundCloud followed, confirming that an event had occurred and described actions.
Although SoundCloud did not confirm the identity of the hackers, BleepingComputer received information that pointed towards the possible blame lying with the ShinyHunters extortions group. This is according to an anonymous source that stated that the group accessed the user database with the intention of extorting the firm.
ShinyHunters is a known cybercrime gang that was also involved in the Pornhub breach that was reported by BleepingComputer earlier this day.
