Here at SoundCloud, the community we’ve built is our top priority – and protecting the security of your SoundCloud account is of the utmost importance to us.
Recently, there have been a number of industry-wide incidents which have exposed massive amounts of user data, such as the data dump of usernames and passwords from MySpace, LinkedIn and Last.fm. The availability of this information is challenging to those companies the information was leaked from as well as other websites, including SoundCloud, due to users reusing passwords across multiple sites. In light of these events, the Trust, Safety & Security team would like to take a moment to remind our community how we keep you safe, and what you can do to protect your SoundCloud account.
How does SoundCloud keep you safe?
SoundCloud uses a variety of methods to protect users and their data against brute-force sign-in attacks, phishing campaigns, malware distribution, and other nefarious actions. These include:
- Protecting accounts from unauthorized sign-in attempts
We throttle sign-in attempts from suspicious origins or networks with bad reputation, and combat automated password guessing attacks on individual accounts.
- Notifying users of substantial changes to their account
We alert account owners of substantial changes to their account by email. Changes that trigger an email alert include email address changes and password reset requests. These alerts give account holders the chance to react in case of illegitimate change requests.
- Freezing accounts with suspicious activity
When we identify irregular account activity, or suspect an account has been compromised, we freeze or temporarily suspend the account to prevent any further changes from happening. We also reset the account’s password and send an email to the account owner so that they can review their account and remedy the situation.
- Proactive protection of users affected by third-party incidents
When we learn of a third-party data leak, we check to see if any of our users’ email addresses are included. In cases where SoundCloud users’ emails have been affected by a security incident associated with another service, we prompt these individuals to reset their password when signing in on our website, before they can continue to access their account. This is to proactively protect users who may have reused passwords across multiple websites.
How can you help keep your account safe?
We encourage you to review your account settings and take proactive steps to protect your safety on the platform:
- Revoke any unknown connections.
- Remove any inactive or unknown email addresses and add an active secondary email address.
After doing this, follow our suggestions for creating secure passwords:
- A strong password consists of at least eight (8) characters including upper and lower-case letters, numbers and symbols. Do not include personal information such as your name, birthday, email address, etc.
- Never reuse a password for multiple sites, or share your password with others!
- Consider using a password manager like 1Password or LastPass to help create unique, strong passwords – and remember them.
To see if your credentials have been compromised in a data breach, we recommend using a free service like “Have I Been Pwned?” which can tell you if your email is found in prominent data breaches.