
SoundCloud confirms breach after member data stolen, VPN access disrupted

owlninja

The HN post from earlier when the VPN ban speculation started:

https://news.ycombinator.com/item?id=46269891

password-app

SoundCloud users should rotate passwords immediately, especially if reused elsewhere.

The VPN access disruption suggests the breach may be deeper than initially disclosed. If you used the same password on banking, email, or other sensitive accounts, change those first.

For anyone managing 50+ accounts: automated password rotation tools exist now that can handle the tedious clicking through each site. Saves hours vs manual changes.

The Password App does this on macOS - full disclosure, I'm affiliated, but the general advice stands: don't wait for breach notifications to rotate credentials.

nstart

Curious... Why does VPN access disruption suggest the breach may be deeper than initially disclosed?

My understanding is that this prevents anonymous access to servers which would help during investigation if any further unauthorized access showed up. But it doesn't confirm that unauthorized access continued. Just curious how you are thinking about this though.

Brajeshwar

Please say more about the Password Rotation. Where, how, which?

nguyenkien

Go change your password. And do it for every website you reuse that password.

Brajeshwar

The keyword was, “automated password rotation tools.”

thenthenthen

What is ‘The Password App’? As in the built-in ‘Passwords’ app?

elashri

What is the relation between blocking VPN and data breach? Why would this be a reasonable response? Is it to prevent mass login attempts using VPNs to mark origin or what?

PunchyHamster

I'd imagine a knee-jerk reaction when they noticed hacking and just started to blanket ban IP ranges to access their entire infrastructure.

eterm

My SoundCloud account seems to predate my use of 1Password and I didn't seem to migrate it.

Uh oh.

I hope they have a nice GDPR compliant deletion policy and my account is long gone.

WelcomeShorty

Just checked and my account was created (and last used) in 2013...

So at least they get some old accounts to become active again :D