Multiple High-Profile Data Breaches at SoundCloud, Pornhub, and 700Credit
SoundCloud, Pornhub, and 700Credit have each confirmed significant data breaches impacting millions of users. SoundCloud reported unauthorized access to an ancillary service dashboard, affecting approximately 20% of its 140 million users—about 28 million people. The exposed data included email addresses and information already visible on public profiles, with no passwords or financial details compromised. The incident also caused temporary connectivity issues for some users, particularly those using VPNs, due to configuration changes made during the response. Pornhub notified select Premium subscribers that some user data was exposed following a breach at Mixpanel, a third-party analytics provider, but emphasized that sensitive information such as passwords, payment details, and government IDs were not affected. Pornhub had ceased using Mixpanel in 2021 and was informed of the breach by the vendor.
700Credit, a US-based provider of credit and identity verification services, suffered a third-party supply-chain attack that compromised the personal information of approximately 5.6 million individuals. The breach, which occurred between May and October 2025, involved unauthorized access to names, addresses, dates of birth, and Social Security numbers through a compromised API used by one of 700Credit's integration partners. 700Credit has since shut down the affected API, notified federal authorities, and is offering credit monitoring to victims. These incidents highlight the ongoing risks posed by third-party service providers and the importance of timely breach notification and response.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
7 events from the most recent confirmed update back to the earliest known activity.
Askul discloses RansomHouse ransomware attack and data leak
Japanese retailer Askul disclosed a ransomware attack attributed to the RansomHouse group that caused large-scale service outages, data encryption, and publication of some stolen data. About 740,000 customer and partner records were affected, with the intrusion linked to a subcontractor account lacking multi-factor authentication and insufficient monitoring.
OpenAI confirms exposure through compromised analytics credentials
OpenAI confirmed that it was also affected by the Mixpanel-related breach through compromised analytics credentials. Reported exposure was tied to analytics data rather than passwords or payment information.
Pornhub confirms user data exposure tied to Mixpanel breach
Pornhub disclosed that a limited set of analytics events tied to certain users was exposed through third-party analytics provider Mixpanel. The company said passwords and payment details were not compromised.
SoundCloud detects unauthorized dashboard activity and service attacks
SoundCloud reported unauthorized activity in an ancillary service dashboard and subsequent denial-of-service attacks. The company said the exposed data was limited to email addresses and public profile information, affecting roughly 20% of users, with no passwords or financial data accessed.
ShinyHunters claims theft of Pornhub analytics records
Following the Mixpanel-related incident, reports attributed to the ShinyHunters ransomware group claimed the theft of about 94 GB of data and more than 200 million analytics records tied to Pornhub Premium activity. Sample data reportedly raised blackmail and reputational concerns even though no payment card or government ID data was said to be involved.
Mixpanel suffers November 2025 breach affecting customer analytics data
In November 2025, analytics provider Mixpanel experienced a breach involving compromised analytics credentials and customer data exposure. The incident was later linked to downstream disclosures involving Pornhub and OpenAI, though Mixpanel disputed some claims about the origin of Pornhub-related data.
700Credit hit by third-party supply-chain breach
In late October 2025, attackers accessed 700Credit data in a supply-chain incident after an integration partner was compromised and an API was allegedly exploited. The breach exposed high-risk personal data, including Social Security numbers, affecting about 5.6 million people.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
SoundCloud Data Breach Exposes 29.8 Million User Records
SoundCloud confirmed unauthorized access to an internal/ancillary service dashboard that enabled attackers to correlate **hidden email addresses** with information already visible on public SoundCloud profiles, impacting roughly **29.8 million accounts** (about **20%** of its user base). Exposed data was primarily **email addresses** plus public-profile metadata (e.g., usernames/display names, avatars, follower/following counts, and other profile statistics); SoundCloud stated **no passwords or financial data** were accessed. Users also reported service disruptions around the time of the incident, including access issues such as `403 Forbidden` errors (notably when connecting via VPN), consistent with post-incident security changes and response actions. Reporting attributed the intrusion and subsequent extortion attempt to the **ShinyHunters** group, with SoundCloud later acknowledging the actor made demands and used harassment tactics such as **email flooding**. The stolen dataset was subsequently leaked and then added to *Have I Been Pwned* for exposure checking, increasing downstream risk of targeted phishing and account-takeover attempts via credential stuffing on other services where users may have reused emails as identifiers. Separate contemporaneous claims by ShinyHunters against other companies (e.g., Panera Bread, CarMax, Edmunds) were reported but are distinct from the confirmed SoundCloud incident and include different alleged access vectors (e.g., stolen SSO codes).
Mar 21, 2026
Multiple Consumer Data Exposures: IDMerit Database Leak, youX Intrusion, and Substack User Data Access
Cybersecurity researchers reported a major exposure at **IDMerit**, an AI-driven identity verification provider, after discovering an unsecured, internet-accessible **MongoDB** instance containing **over 3 billion records** (over 1TB). Exposed data reportedly included full names, addresses, dates of birth, national ID numbers, phone numbers, and email addresses; researchers estimated roughly **~1 billion** records contained sensitive data (with duplicates likely inflating the total). The dataset was described as global in scope, affecting individuals across **26 countries**, with large volumes attributed to the **US, Mexico, and the Philippines**, creating downstream risk for **identity fraud, account takeover, phishing, and SIM-swap** activity. Separately, Australian finance technology platform **youX** confirmed an **unauthorized third-party access** incident, after which a hacker claimed theft of data tied to **444,528** Australian borrowers and additional loan-application and identity data (including driver’s licence numbers, addresses, and credit/banking-related information), plus customer/staff details associated with broker organizations. **Substack** also confirmed unauthorized access to **limited user data** (including email addresses, phone numbers, and internal account metadata) that occurred in **October 2025** but was only identified on **Feb. 3, 2026**; Substack stated **passwords and payment card/financial data were not accessed**, but the extended detection gap raised concerns about monitoring and dwell time.
Mar 21, 2026
SoundCloud Data Breach and Service Disruption Following Cyberattack
SoundCloud experienced a cyberattack that resulted in unauthorized access to an ancillary service dashboard, leading to the exposure of limited user data. The company confirmed that the attackers accessed email addresses and information already visible on public SoundCloud profiles, affecting approximately 20% of its user base—estimated at around 26 to 28 million accounts. SoundCloud stated that no sensitive data, such as financial or password information, was compromised. In response, the company activated its incident response protocols, engaged third-party cybersecurity experts, and implemented enhanced monitoring, threat detection, and access control measures. Following the breach, SoundCloud faced multiple denial-of-service attacks that temporarily disrupted the platform's web availability. Additionally, a configuration change made during the incident response process inadvertently disrupted VPN access for users, resulting in widespread reports of 403 "forbidden" errors when attempting to connect via VPN. SoundCloud has since contained the unauthorized access and is working to restore full service, including VPN connectivity, while continuing to audit and reinforce its security posture.
Mar 21, 2026