> the impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country
> In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country.
That's from the haveibeenpwned email which I received because of course I'm part of that 20%.
Remember to have unique passwords for each website kids, ideally with a password manager.
If I’m understanding correctly, it sounds like, aside from the email addresses, all the data leaked was already publicly available on users’ SoundCloud profiles. The only novel aspect is linking that public data to the accounts’ email addresses.
SoundCloud is the worst company, so hostile to former paying users! I am a hobbyist songwriter and have posted my rough mixes (Apple's Music Memo app which adds drum and bass automagically with two clicks & then mix it in Garage Band) on my SoundCloud for more then ten years. I signed up for their Artist Pro account and was a member for of such consistently for a few years at $17 a month. Once you cancel they then hold all your music hostage by hiding it and later threat to delete it. Horrid!
A former paying user is not a customer. If you don't pay, why should you receive service? I buy a pizza at this pizza shop every week, but I still don't get free ones.
SoundCloud is European, so most of the dark patterns used by American companies to offer "free" service are not available to them, and they are required by law to actually delete data instead of pretending to delete it.
Recently I decided to evaluate it for serious use and start posting there again, only until their new uploader told me I need to switch to a paid plan, even though I triple-checked I was well within free limits and under my old now unused username I uploaded a lot more (mostly of experimental things I am not that proud of anymore).
It looks like their microservices architecture is in chaos and some system overrides the limits outlined in the docs with stricter ones. How can I be sure they respect the mew limits once I do pay, instead of upselling me the next plan in line?
Adding to that things like the general jankiness or the never-ending spam from “get more fake listeners for $$$” accounts (which seem to be in an obvious symbiosis with the platform, boosting the numbers for optics), the last year’s ambiguous change in ToS allowing them to train ML systems on your work, it was enough for me to drop it. Thankfully, it was a trial run and I did not publish any pending releases.
If you still publish on SoundCloud, and you do original music (as opposed to publishing, say, DJ sets, where dealing with IP is problematic), ask yourself whether it is timr to grow up and do proper publishing!
The service is freemium, so they had a limited account. Decided to pay for a premium account. And apparently can’t downgrade and get back what they once had.
What should they do instead? spend money continuously holding your music on disk forever even though you aren't paying them for the service? Sounds like they are being cool about it by keeping it around for a while and warning you before deleting it.
Why would someone that writes their own songs, mixes in GarageBand, uploads to a 3rd party website need to use yt-dlp to get back the files that they themselves made?
Yes, I'm intentionally victim blaming here. The victim is complaining about a 3rd party site deleting files. Who cares? Why would you have as your only source of your files the copies stored by the 3rd party?
> the impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country
Importantly, 20% of the total userbase it seems:
> In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user’s country.
That's from the haveibeenpwned email which I received because of course I'm part of that 20%.
Remember to have unique passwords for each website kids, ideally with a password manager.
If I’m understanding correctly, it sounds like, aside from the email addresses, all the data leaked was already publicly available on users’ SoundCloud profiles. The only novel aspect is linking that public data to the accounts’ email addresses.
That step makes a big difference though.
SoundCloud is the worst company, so hostile to former paying users! I am a hobbyist songwriter and have posted my rough mixes (Apple's Music Memo app which adds drum and bass automagically with two clicks & then mix it in Garage Band) on my SoundCloud for more then ten years. I signed up for their Artist Pro account and was a member for of such consistently for a few years at $17 a month. Once you cancel they then hold all your music hostage by hiding it and later threat to delete it. Horrid!
A former paying user is not a customer. If you don't pay, why should you receive service? I buy a pizza at this pizza shop every week, but I still don't get free ones.
SoundCloud is European, so most of the dark patterns used by American companies to offer "free" service are not available to them, and they are required by law to actually delete data instead of pretending to delete it.
The difference between Artist vs Pro is three hours vs unlimited uploaded music.
So if you had over three hours uploaded, it seems reasonable for them to restrict the service. If you had <= three, then it would a problem.
SoundCloud used to be good prior to the redesign.
Recently I decided to evaluate it for serious use and start posting there again, only until their new uploader told me I need to switch to a paid plan, even though I triple-checked I was well within free limits and under my old now unused username I uploaded a lot more (mostly of experimental things I am not that proud of anymore).
It looks like their microservices architecture is in chaos and some system overrides the limits outlined in the docs with stricter ones. How can I be sure they respect the mew limits once I do pay, instead of upselling me the next plan in line?
Adding to that things like the general jankiness or the never-ending spam from “get more fake listeners for $$$” accounts (which seem to be in an obvious symbiosis with the platform, boosting the numbers for optics), the last year’s ambiguous change in ToS allowing them to train ML systems on your work, it was enough for me to drop it. Thankfully, it was a trial run and I did not publish any pending releases.
If you still publish on SoundCloud, and you do original music (as opposed to publishing, say, DJ sets, where dealing with IP is problematic), ask yourself whether it is timr to grow up and do proper publishing!
that just sounds like customer not paying for service not getting the service
The service is freemium, so they had a limited account. Decided to pay for a premium account. And apparently can’t downgrade and get back what they once had.
They first hide your songs and as time goes on they start threaten to delete your songs if you dont pay
What should they do instead? spend money continuously holding your music on disk forever even though you aren't paying them for the service? Sounds like they are being cool about it by keeping it around for a while and warning you before deleting it.
You can export your entire profile using yt-dlp. Of course you have to do it, when you are still a paying customer.
Why would someone that writes their own songs, mixes in GarageBand, uploads to a 3rd party website need to use yt-dlp to get back the files that they themselves made?
Yes, I'm intentionally victim blaming here. The victim is complaining about a 3rd party site deleting files. Who cares? Why would you have as your only source of your files the copies stored by the 3rd party?
Are there any alternatives?
Isn't everyone on YouTube or Bandcamp now for this use case?
YouTube is the domain of Satan, also the name is hilarious - you tube? really? I don't tube thaanks