Soundcloud Confirms Breach After Member Data Stolen, VPN Access Disrupted
Key topics
A recent data breach at SoundCloud has left users scrambling to secure their accounts, with some speculating that the company's decision to disrupt VPN access may be connected to the breach. As users rush to rotate passwords and assess potential vulnerabilities, commenters are weighing in on the potential risks and consequences, with some urging caution and others seeking clarity on password management best practices. One user wondered if SoundCloud's VPN ban was a knee-jerk reaction to prevent mass login attempts, while others were advised to change passwords immediately, especially if reused across multiple sites. With GDPR compliance and password security top of mind, the discussion highlights the importance of proactive measures in the face of data breaches.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
29m
Peak period
4
2-3h
Avg / period
1.6
Key moments
- 01Story posted
Dec 15, 2025 at 8:44 PM EST
22 days ago
Step 01 - 02First comment
Dec 15, 2025 at 9:13 PM EST
29m after posting
Step 02 - 03Peak activity
4 comments in 2-3h
Hottest window of the conversation
Step 03 - 04Latest activity
Dec 16, 2025 at 6:05 AM EST
22 days ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
Uh oh.
I hope they have a nice GDPR compliant deletion policy and my account is long gone.
So at least they get some old accounts to become active again :D
The VPN access disruption suggests the breach may be deeper than initially disclosed. If you used the same password on banking, email, or other sensitive accounts, change those first.
For anyone managing 50+ accounts: automated password rotation tools exist now that can handle the tedious clicking through each site. Saves hours vs manual changes.
The Password App does this on macOS - full disclosure, I'm affiliated, but the general advice stands: don't wait for breach notifications to rotate credentials.
My understanding is that this prevents anonymous access to servers which would help during investigation if any further unauthorized access showed up. But it doesn't confirm that unauthorized access continued. Just curious how you are thinking about this though.
https://news.ycombinator.com/item?id=46269891