SoundCloud confirms breach after member data stolen, VPN access disrupted

Posted by technonerd 13 hours ago

Counter92Comment13OpenOriginal

Comments

Comment by password-app 11 hours ago

SoundCloud users should rotate passwords immediately, especially if reused elsewhere.

The VPN access disruption suggests the breach may be deeper than initially disclosed. If you used the same password on banking, email, or other sensitive accounts, change those first.

For anyone managing 50+ accounts: automated password rotation tools exist now that can handle the tedious clicking through each site. Saves hours vs manual changes.

The Password App does this on macOS - full disclosure, I'm affiliated, but the general advice stands: don't wait for breach notifications to rotate credentials.

Comment by nstart 7 hours ago

Curious... Why does VPN access disruption suggest the breach may be deeper than initially disclosed?

My understanding is that this prevents anonymous access to servers which would help during investigation if any further unauthorized access showed up. But it doesn't confirm that unauthorized access continued. Just curious how you are thinking about this though.

Comment by Brajeshwar 10 hours ago

Please say more about the Password Rotation. Where, how, which?

Comment by baobun 4 hours ago

You are replying to submarine marketing.

Comment by nguyenkien 10 hours ago

Go change your password. And do it for every website you reuse that password.

Comment by Brajeshwar 9 hours ago

The keyword was, “automated password rotation tools.”

Comment by zdragnar 8 hours ago

Your question didn't include the words automated or tools, and your incomplete "where, how, which" was ambiguous enough to apply to the idea of password rotation generally rather than the tool's interactions with them.

Comment by thenthenthen 10 hours ago

What is ‘The Password App’? As in the built in ‘Passwords’ app?

Comment by owlninja 12 hours ago

The HN post from earlier when the VPN ban speculation started:

https://news.ycombinator.com/item?id=46269891

Comment by elashri 10 hours ago

What is the relation between blocking VPN and data breach? why would this be a reasonable response? Is it to prevent mass login attempts using VPNs to mark origin or what?

Comment by PunchyHamster 10 hours ago

I'd imagine knee-jerk reaction when they noticed hacking and just started to blanket ban IP ranges to access their entire infrastructure

Comment by eterm 12 hours ago

My SoundCloud account seems to predate my use of 1password and I didn't seem to migrate it.

Uh oh.

I hope they have a nice GDPR compliant deletion policy and my account is long gone.

Comment by WelcomeShorty 7 hours ago

Just checked and my account was created (and last used) in 2013...

So at least they get some old accounts to become active again :D