For several days, users on Reddit and blogs have been reporting a puzzling number of connection problems with SoundCloud. Longtime VPN users claimed they could no longer connect; the same was true for those using the privacy network Tor. Others were asked to “verify” the email addresses of long-established accounts. (5 Mag joined SoundCloud sometime around 2008 or 2009; we were also asked to verify over the weekend.) These service changes were followed by reports of outages and periods of intermittent service.
This evening, SoundCloud confirmed that the platform had been hacked, and member data stolen. Discovery of the theft was followed by two denial of service attacks which brought down the platform’s website.
In a statement made public (it appears an early version was sent to BleepingComputer, which had been reporting on the disruption to the platform), SoundCloud claimed they had “recently detected unauthorized activity in an ancillary service dashboard.
“Upon making this discovery, we immediately activated our incident response protocols and promptly contained the activity. We also engaged leading third-party cybersecurity experts to assist in a thorough investigation and response. Following the containment, SoundCloud experienced denial of service attacks, two of which were able to temporarily disable our platform’s availability on the web only.”
Don't Stay In 
Get on our guest list for news from 5 Mag and you'll never miss a thing. It's free and we don't sell your shit. 
SoundCloud claims the “purported threat actor group” obtained “certain limited data that we hold.” The platform claims that an investigation revealed that “no sensitive data (such as financial or password data) had been accessed”; data consisted of email addresses and “information already visible on public SoundCloud profiles” affecting approximately 20% of SoundCloud users.
“We are confident that any access to SoundCloud data has been curtailed,” the statement reads.
While SoundCloud’s statement appears to imply that the threat from the attack has subsided, Lawrence Abrams at BleepingComputer claims their site received a tip that the group responsible for the attack “is now extorting SoundCloud after allegedly stealing a database containing information about its users.”
