{“lastseen”:”2025-12-16T18:05:12″,”description”:”Comparing data breaches is like comparing apples and oranges. They differ on many levels. To news media, the size of the brand, how many users were impacted, and how it was done often dominate the headlines. For victims, what really matters is the type of information stolen. And for the organizations involved, the focus is on how they will handle the incident. So, let\u2019s have a look at the three that showed up in the news feeds today.\\n\\n## 700Credit\\n\\n700Credit is a US provider of credit reports, preliminary credit checks, identity verification, fraud detection, and compliance tools for automobile, recreational vehicle, powersports, and marine dealerships.\\n\\nIn a notice on its website, 700Credit informed media, partners, and affected individuals that it suffered a third-party supply-chain attack in late October 2025. According to the notice, an attacker gained unauthorized access to personally identifiable information (PII), including names, addresses, dates of birth, and Social Security numbers (SSNs). The breach involves data collected between May and October, impacting roughly 5.6 million people.\\n\\nThe supply-chain attack demonstrates the importance of how you handle attacks. Reportedly, 700Credit communicates with more than 200 integration partners through application programming interfaces (APIs). When one of the partners was compromised in July, they failed to notify 700Credit. As a result, unnamed cybercriminals broke into that third-party\u2019s system and exploited an API used to pull consumer information.\\n\\n700Credit shut down the exposed third-party API, notified the FBI and FTC, and is mailing letters to victims offering credit monitoring while coordinating with dealers and state regulators.\\n\\n## SoundCloud\\n\\nSoundCloud is a leading audio streaming platform where users can upload, promote, stream, and share music, podcasts, and other audio content.\\n\\nSoundCloud posted a notice on its website stating that it recently detected unauthorized activity in an ancillary service dashboard. Ancillary services refer to specialized functions that help maintain stability and reliability. When SoundCloud contained the attack, it experienced denial-of-service attacks, two of which were able to temporarily disable its platform’s availability on the web.\\n\\nAn investigation found that no sensitive data such as financial or password data was accessed. The exposed data consisted of email addresses and information already visible on public SoundCloud profiles. The company estimates the incident affected roughly 20% of its user base.\\n\\n## Pornhub\\n\\nPornhub is one of the world\u2019s most visited adult video-sharing websites, allowing users to view content anonymously or create accounts to upload and interact with videos.\\n\\nReportedly, Pornhub disclosed that on November 8, 2025, a security breach at third-party analytics provider Mixpanel exposed \u201ca limited set of analytics events for certain users.\u201d Pornhub stressed that this was not a breach of Pornhub\u2019s own systems, and said that passwords, payment details, and financial information were not exposed. Mixpanel, however, disputes that the data originated from its November 2025 security incident.\\n\\nAccording to reports, the ShinyHunters ransomware group claims to have obtained about 94 GB of data containing more than 200 million analytics records tied to Pornhub Premium activity. ShinyHunters shared a data sample with BleepingComputer that included a Pornhub Premium member’s email address, activity type, location, video URL, video name, keywords associated with the video, and the time the event occurred.\\n\\nShinyHunters has told BleepingComputer that it sent extortion demands to Pornhub, and the nature of the exposed data creates clear risks for blackmail, outing, and reputational harm\u2014even though no Social Security numbers, government IDs, or payment card details are in the scope of the breach.\\n\\n## Comparing apples and oranges\\n\\nAs you can see, these are three very different data breaches. Not just in how they happened, but in what they mean for the people affected. \\n\\nWhile email addresses and knowing that someone uses SoundCloud could be useful for phishers and scammers, it’s a long way from the leverage that comes with detailed records of Pornhub Premium activity. If that doesn\u2019t get you on the list of a \u201chello pervert\u201d scammer, I don\u2019t know what will.\\n\\nBut undoubtedly the most dangerous one for those affected is the 700Credit breach which provides an attacker with enough information for identity theft. In the other cases an attacker will have to penetrate another defense layer, but with a successful identity theft the attacker has reached an important goal.\\n\\n**Aspect**| **SoundCloud**| **700Credit**| **Pornhub** \\n—|—|—|— \\n**People affected**| Estimated ~28\u201336 million users (about 20% of users) \u200b| ~5.6 million people \u200b| \u201cSelect\u201d Premium users; ~201 million activity records (not 201 million people) \u200b \\n**Leaked data**| Email addresses and public profile info \u200b| Names, addresses, dates of birth, SSNs \u200b\u200b| Search, watch, and download activity; attacker-shared samples include email addresses, timestamps, and IP\/geo-location data \\n**Sensitivity level**| Low (mostly already public contact\/profile data) \u200b| Very high (classic identity\u2011theft PII) \u200b\u200b| Very high (intimate behavioral and preference data, blackmail\/extortion potential) \u200b \\n**Breach cause**| Unauthorized access to an internal service dashboard \u200b| Third\u2011party API compromise (supply\u2011chain attack) \u200b\u200b| Disputed incident involving third-party analytics data (Mixpanel), following a smishing campaign \\n \\n* * *\\n\\n**We don ‘t just report on threats\u2014we help safeguard your entire digital identity**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.”,”published”:”2025-12-16T17:04:59″,”modified”:”2025-12-16T17:04:59″,”type”:”malwarebytes”,”title”:”SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there”,”source”:””,”references”:””,”id”:”MALWAREBYTES:CB9968E2AE60C0B5C1411C784F0DD505″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/soundcloud-pornhub-and-700credit-all-reported-data-breaches-but-the-similarities-end-there”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-16T18:05:12″,”description”:”Comparing data breaches is like comparing apples and oranges. They differ on many levels. To news media, the size of the brand, how many users…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-31405","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n