Blog Post — Newsjacking #1
Metadata
Title: SoundCloud Breach: 29.8 Million Email Addresses Exposed — The Phishing Emails Are Coming
Slug: soundcloud-breach-phishing-emails
Category: Email Threats
Tags: soundcloud breach, data breach, phishing, credential theft, email security
Excerpt: Nearly 30 million SoundCloud accounts have been exposed. Here's what was stolen, what scam emails to watch for, and how to protect yourself right now.
Meta Description: The SoundCloud data breach exposed 29.8 million email addresses. Phishing emails are inevitable — here's exactly what to look for and how to stay safe.
Featured Image
Search on Unsplash: "headphones security" or "music streaming dark"
Alt text: Headphones on a dark surface representing the SoundCloud data breach
Size: 1200x630 (landscape)
Content
If you've ever had a SoundCloud account, your email address may now be in the hands of criminals. And the phishing emails are about to start.
In December 2025, SoundCloud confirmed it had been breached after the hacking group ShinyHunters gained access to internal systems. By January 2026, the stolen data — covering approximately 29.8 million accounts — was released publicly online.
That's roughly 20% of all SoundCloud users. And if your email is in that dataset, you're now a target.
What Was Stolen?
According to Have I Been Pwned, which added the breach to its database, the compromised data includes:
- Email addresses (29.8 million unique)
- Full names
- Usernames
- Geographic location / country
- Avatars
- Follower and following counts
The one piece of good news: SoundCloud stated that no passwords or financial data were accessed. But don't let that reassure you too much — what was stolen is more than enough to fuel convincing phishing campaigns.
Why This Matters for Your Inbox
Here's the problem. When attackers have your email address plus your real name, username, and location, they can craft phishing emails that feel personal. Generic "Dear Customer" scam emails are easy to spot. An email that uses your actual name and references your SoundCloud profile? Much harder.
The ShinyHunters group has a track record of breaching platforms and selling or leaking user data, which downstream scammers then use for targeted phishing campaigns. After every major breach, the pattern is the same: the stolen data circulates, and the phishing emails follow within days to weeks.
What the Phishing Emails Will Look Like
Based on previous data breach phishing waves, here's what to expect in your inbox over the coming weeks:
Fake Password Reset Emails
Subject lines:
- "Urgent: Reset your SoundCloud password now"
- "Your SoundCloud account security has been compromised"
- "Action required: SoundCloud password change"
What they'll do: Link to a fake SoundCloud login page designed to steal your credentials. Since no passwords were leaked, the irony is that the "fix" they're offering is the actual attack.
Fake Account Verification Emails
Subject lines:
- "Verify your SoundCloud account to maintain access"
- "SoundCloud security update — verify your identity"
- "Your account will be suspended unless you verify"
What they'll do: Create urgency to make you click without thinking. The link leads to a credential harvesting page.
Suspicious Login Alert Scams
Subject lines:
- "New login to your SoundCloud account from [Your Country]"
- "We noticed unusual activity on your SoundCloud account"
- "Someone logged into your account from a new device"
What they'll do: Use your real location data (which was in the breach) to make the alert feel authentic. You'll think someone is in your account and rush to "secure" it — right into the attacker's fake page.
Sender Patterns to Watch For
Phishing emails impersonating SoundCloud will likely come from addresses like:
- [email protected]
- [email protected] (note the number 1)
- [email protected]
- [email protected]
The real SoundCloud sends emails from @soundcloud.com. Anything else is a red flag.
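The sender rule above can be checked mechanically. This added example (not from SoundCloud or the original post) classifies a message by its From domain and the receiving server's DMARC verdict; the sample messages, the .example domains and the digit-swap table are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LEGIT_DOMAIN = "soundcloud.com"  # the only sender domain the article treats as genuine
# Digit-for-letter swaps seen in lookalike domains (constructed table, an assumption)
SWAPS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})

def sender_domain(msg):
    """Domain of the From address; the display name is attacker-controlled, so ignore it."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def dmarc_passed(msg):
    """True if Authentication-Results records dmarc=pass. Only trust this header
    when your own receiving server adds it and strips inbound copies."""
    results = " ".join(msg.get_all("Authentication-Results", []))
    return re.search(r"\bdmarc=pass\b", results, re.I) is not None

def classify(raw):
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    if domain == LEGIT_DOMAIN:
        # A bare From header is trivially forged; require an authenticated result.
        return "ok" if dmarc_passed(msg) else "spoofed-from"
    brand_in_headers = "soundcloud" in (msg.get("From", "") + msg.get("Subject", "")).lower()
    brand_in_domain = "soundcloud" in domain.translate(SWAPS).replace("-", "")
    return "impersonation" if brand_in_headers or brand_in_domain else "unrelated"

# Constructed sample messages (headers only); .example domains are placeholders.
SAMPLES = {
    "genuine": "From: SoundCloud <no-reply@soundcloud.com>\n"
               "Authentication-Results: mx.mail.example; dmarc=pass\n"
               "Subject: Your weekly stats\n\n",
    "forged_from": "From: SoundCloud <no-reply@soundcloud.com>\n"
                   "Authentication-Results: mx.mail.example; dmarc=fail\n"
                   "Subject: Urgent: Reset your SoundCloud password now\n\n",
    "lookalike": "From: Account Team <help@s0undc1oud.example>\n"
                 "Subject: Action required\n\n",
    "display_name": "From: SoundCloud Security <alerts@mail-notify.example>\n"
                    "Subject: Verify your account\n\n",
    "other": "From: Alice <alice@mail.example>\nSubject: Lunch on Friday?\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {classify(raw)}")
```

The exact-match rule follows the article's statement that genuine mail comes from @soundcloud.com, so subdomains are treated as suspect too.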
What To Do Right Now
If you have (or ever had) a SoundCloud account, take these steps today:
1. Check Have I Been Pwned. Go to haveibeenpwned.com and enter your email address. It will tell you if your data was included in the SoundCloud breach (or any other breach).
2. Change your SoundCloud password. Go directly to soundcloud.com — type the address yourself, don't click any email links — and change your password.
3. If you reused that email/password combo anywhere else, change those too. This is the big one. Attackers will try your email against other services (Spotify, YouTube, Gmail, banking). If you used the same password elsewhere, change it immediately.
4. Enable two-factor authentication. Wherever it's available, turn on 2FA. Even if someone gets your password, they can't get in without the second factor.
5. Be deeply suspicious of any SoundCloud-related email. For the next few months, treat every email mentioning SoundCloud as potentially fake. If SoundCloud genuinely needs you to do something, you can always log in directly through their website to check.
The Bigger Picture
The SoundCloud breach is a textbook example of why email addresses are the most valuable currency in cybercrime. Passwords get changed. Credit cards get cancelled. But your email address? That stays the same for years, sometimes decades. Every breach that leaks email addresses feeds an ever-growing ecosystem of phishing, spam, and credential stuffing attacks.
Nearly 30 million people are about to get more convincing scam emails. The best defence is knowing what's coming.




