In December 2025, ShinyHunters breached SoundCloud via vishing — attackers convinced employees to provide access to an ancillary service dashboard. SoundCloud confirmed the breach on December 15, 2025. After the company declined to pay ransom, ShinyHunters began leaking data on January 22, 2026, via Telegram and .onion links. The breach affected approximately 29.8 million accounts, roughly 20% of SoundCloud’s user base. Exposed data included names, email addresses, usernames, avatars, follower/following counts, and select users’ countries. Passwords, payment card numbers, and financial information were not accessed. Have I Been Pwned indexed the dataset. The breach is part of ShinyHunters’ broader 2025–2026 campaign targeting companies via Salesforce/Okta vishing, alongside Qantas, Vietnam Airlines, CarGurus, Crunchbase, Betterment, and dozens of others.