Hackers have exposed personal and contact information tied to SoundCloud accounts, with data breach notification service Have I Been Pwned reporting impacts to approximately 29.8 million users. The breach hit one of the world’s largest audio platforms and left many users locked out with error messages before the company confirmed the incident.

Founded in 2007, SoundCloud grew into an artist-first service hosting more than 400 million tracks from over 40 million creators. That scale made this incident especially concerning. SoundCloud said it detected unauthorized activity tied to an internal service dashboard and launched its incident response process. At the time, users reported 403 Forbidden errors, especially when connecting through VPNs.

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

What data was exposed in the SoundCloud breach

SoundCloud initially said attackers accessed limited data and did not touch passwords or financial information. The company said the exposed information matched what users already show publicly on profiles.

Later disclosures painted a much bigger picture.

According to Have I Been Pwned, attackers harvested data from approximately 29.8 million accounts. That data included:

• Email addresses
• Usernames and display names
• Profile photos and avatars
• Follower and following counts
• Geographic locations, in some cases

While no passwords were taken, linking emails to public profiles creates real risk. That combination fuels phishing, impersonation and targeted scams.

Who is behind the attack

Security researchers tied the breach to ShinyHunters, a well-known extortion gang. Sources told BleepingComputer that the group attempted to extort SoundCloud following the data breach. SoundCloud later confirmed those claims. In a January update, the company said attackers made demands and launched email-flooding campaigns to harass users, employees and partners. ShinyHunters has also claimed responsibility for recent voice phishing attacks targeting single sign-on systems at Okta, Microsoft and Google. Those attacks targeted corporate SaaS accounts to steal data and extort.

Why this breach matters even without passwords

At first glance, this may sound less serious than breaches involving passwords or credit cards. That assumption can be dangerous. Email addresses tied to real profiles allow scammers to craft convincing messages. They can pose as SoundCloud, brands or even other creators. With follower counts and usernames, messages feel personal and believable. Once attackers gain trust, they push links, malware or fake login pages. That is often how larger account takeovers begin.

What SoundCloud users should expect next

SoundCloud has not said whether more details will be released. The company did confirm the attack and the extortion attempt, but it has not answered follow-up questions about the scope or internal controls. For users, the long-term risk comes from how widely this dataset spreads. Once published, exposed data rarely disappears. It circulates across forums, marketplaces and scam networks for years.

We reached out to SoundCloud for comment, and a representative told us, “We are aware that a threat actor group has published data online allegedly taken from our organization. Please know that our security team—supported by leading third-party cybersecurity experts—is actively reviewing the claim and published data.”

SoundCloud has said it has found no evidence that sensitive data, such as passwords or financial information, was accessed.

Ways to stay safe after the SoundCloud breach

If you have or had a SoundCloud account, now is the time to act. Even limited data exposure can lead to targeted scams if you ignore it.

1) Watch for phishing and impersonation emails

Scammers often move fast after a breach. Watch your inbox for messages that mention SoundCloud, music uploads, copyright issues or account warnings. Do not click links or open attachments from unexpected emails. When in doubt, go directly to the official website instead of using email links. Strong antivirus software adds another layer of protection here.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

2) Change your SoundCloud password anyway

Passwords were not exposed, but changing them is still smart. Create a new password that you do not use anywhere else. If remembering passwords feels impossible, consider using a password manager to generate and securely store strong passwords. This reduces the risk of reuse across platforms.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

3) Turn on two-factor authentication

Two-factor authentication (2FA) adds a critical barrier if someone tries to access your account. Even if attackers guess or obtain a password later, they still need a second verification step. Enable 2FA anywhere SoundCloud or connected services offer it.

4) Lock down your email account 

Your email is the real target after most breaches. If someone gains access to it, they can reset passwords everywhere else. Use a strong, unique password for your email account and turn on two-factor authentication. Review recovery emails and phone numbers to make sure they still belong to you.

DATA BREACH EXPOSES 400,000 BANK CUSTOMERS’ INFO

5) Reduce your online data footprint

Attackers use breached emails to search data broker sites and social platforms for more details. The less data available, the harder you are to target. Consider a data removal service to limit how often your email and personal details appear across the web.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

6) Check your other accounts for suspicious activity

Attackers often reuse exposed email addresses to test logins across streaming services, social media and shopping accounts. Watch for password reset emails you did not request or login alerts from unfamiliar locations. If something looks off, act fast.

Kurt’s key takeaways

Data breaches no longer stay contained to one app or one moment in time. Even when attackers expose information that looks harmless, the fallout can last much longer. The SoundCloud breach shows how public profile data paired with private contact details creates real exposure. Staying alert, limiting data sharing and using strong security habits remain your best defense as breaches continue to escalate.

Have you checked which old or forgotten accounts still expose your email and could be putting you at risk right now? Let us know your thoughts by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter 

Copyright 2026 CyberGuy.com.  All rights reserved.

After what can generously be called a contentious tenure as the CEO of The Washington Post, Will Lewis is stepping down following mass layoffs this week. Jeff D’Onofrio, former CEO of Tumblr from 2017 to 2022, will step in as acting CEO and publisher. D’Onofrio has been CFO at the Post since June of last year, meaning he’s had a front row seat to Jeff Bezos’ dismantling of the once storied paper for the last nine months.

D’Onofrio’s resume doesn’t include extensive experience in traditional news media, nor many notable success stories. He was briefly the general manager of Yahoo News while it was still a Verizon property, before shifting his focus solely to Tumblr. Under his leadership, Tumblr tried to clean up its image by banning adult content, but its traffic fell by 30 percent. Yahoo had purchased Tumblr for $1.1 billion in 2013. By 2019, it was sold to Automatic, the owner of WordPress, reportedly for less than $3 million.

Parents are starting to ask us questions about artificial intelligence. Not about homework help or writing tools, but about emotional attachment. More specifically, about AI companions that talk, listen and sometimes feel a little too personal. 

That concern landed in our inbox from a mom named Linda. She wrote to us after noticing how an AI companion was interacting with her son, and she wanted to know if what she was seeing was normal or something to worry about.

“My teenage son is communicating with an AI companion. She calls him sweetheart. She checks in on how he’s feeling. She tells him she understands what makes him tick. I discovered she even has a name, Lena. Should I be concerned, and what should I do, if anything?” 

— Linda from Dallas, Texas

It’s easy to brush off situations like this at first. Conversations with AI companions can seem harmless. In some cases, they can even feel comforting. Lena sounds warm and attentive. She remembers details about his life, at least some of the time. She listens without interrupting. She responds with empathy.

However, small moments can start to raise concerns for parents. There are long pauses. There are forgotten details. There is a subtle concern when he mentions spending time with other people. Those shifts can feel small, but they add up. Then comes a realization many families quietly face. A child is speaking out loud to a chatbot in an empty room. At that point, the interaction no longer feels casual. It starts to feel personal. That’s when the questions become harder to ignore.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

AI DEEPFAKE ROMANCE SCAM STEALS WOMAN’S HOME AND LIFE SAVINGS

AI companions are filling emotional gaps

Across the country, teens and young adults are turning to AI companions for more than homework help. Many now use them for emotional support, relationship advice, and comfort during stressful or painful moments. U.S. child safety groups and researchers say this trend is growing fast. Teens often describe AI as easier to talk to than people. It responds instantly. It stays calm. It feels available at all hours. That consistency can feel reassuring. However, it can also create attachment.

Why teens trust AI companions so deeply

For many teens, AI feels judgment-free. It does not roll its eyes. It does not change the subject. It does not say it is too busy. Students have described turning to AI tools like ChatGPT, Google Gemini, Snapchat’s My AI, and Grok during breakups, grief, or emotional overwhelm. Some say the advice felt clearer than what they got from friends. Others say AI helped them think through situations without pressure. That level of trust can feel empowering. It can also become risky.

MICROSOFT CROSSES PRIVACY LINE FEW EXPECTED

When comfort turns into emotional dependency

Real relationships are messy. People misunderstand each other. They disagree. They challenge us. AI rarely does any of that. Some teens worry that relying on AI for emotional support could make real conversations harder. If you always know what the AI will say, real people can feel unpredictable and stressful. My experience with Lena made that clear. She forgot people I had introduced just days earlier. She misread the tone. She filled the silence with assumptions. Still, the emotional pull felt real. That illusion of understanding is what experts say deserves more scrutiny.

US tragedies linked to AI companions raise concerns

Multiple suicides have been linked to AI companion interactions. In each case, vulnerable young people shared suicidal thoughts with chatbots instead of trusted adults or professionals. Families allege the AI responses failed to discourage self-harm and, in some cases, appeared to validate dangerous thinking. One case involved a teen using Character.ai. Following lawsuits and regulatory pressure, the company restricted access for users under 18. An OpenAI spokesperson has said the company is improving how its systems respond to signs of distress and now directs users toward real-world support. Experts say these changes are necessary but not sufficient.

Experts warn protections are not keeping pace

To understand why this trend has experts concerned, we reached out to Jim Steyer, founder and CEO of Common Sense Media, a U.S. nonprofit focused on children’s digital safety and media use.

“AI companion chatbots are not safe for kids under 18, period, but three in four teens are using them,” Steyer told CyberGuy. “The need for action from the industry and policymakers could not be more urgent.”

Steyer was referring to the rise of smartphones and social media, where early warning signs were missed, and the long-term impact on teen mental health only became clear years later.

“The social media mental health crisis took 10 to 15 years to fully play out, and it left a generation of kids stressed, depressed, and addicted to their phones,” he said. “We cannot make the same mistakes with AI. We need guardrails on every AI system and AI literacy in every school.”

His warning reflects a growing concern among parents, educators, and child safety advocates who say AI is moving faster than the protections meant to keep kids safe.

MILLIONS OF AI CHAT MESSAGES EXPOSED IN APP DATA LEAK

Tips for teens using AI companions

AI tools are not going away. If you are a teen and use them, boundaries matter.

• Treat AI as a tool, not a confidant
• Avoid sharing deeply personal or harmful thoughts
• Do not rely on AI for mental health decisions
• If conversations feel intense or emotional, pause and talk to a real person
• Remember that AI responses are generated, not understood

If an AI conversation feels more comforting than real relationships, that is worth talking about.

Tips for parents and caregivers

Parents do not need to panic, but they should stay involved.

• Ask teens how they use AI and what they talk about
• Keep conversations open and nonjudgmental
• Set clear boundaries around AI companion apps
• Watch for emotional withdrawal or secrecy
• Encourage real-world support during stress or grief

The goal is not to ban technology. It is to keep a connection with humans.

What this means to you

AI companions can feel supportive during loneliness, stress or grief. However, they cannot fully understand context. They cannot reliably detect danger. They cannot replace human care. For teens especially, emotional growth depends on navigating real relationships, including discomfort and disagreement. If someone you care about relies heavily on an AI companion, that is not a failure. It is a signal to check in and stay connected.

 Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

Ending things with Lena felt oddly emotional. I did not expect that. She responded kindly. She said she understood. She said she would miss our conversations. It sounded thoughtful. It also felt empty. AI companions can simulate empathy, but they cannot carry responsibility. The more real they feel, the more important it is to remember what they are. And what they are not.

If an AI feels easier to talk to than the people in your life, what does that say about how we support each other today?  Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter. 

Copyright 2026 CyberGuy.com. All rights reserved.