SoundCloud is a popular music sharing website and distribution platform; recently they fixed many security vulnerabilities that were affecting the API. Without the fix, hackers could’ve taken over accounts, exploited the services, and launched denial of service accounts. When they were studying the state of API security in popular online platforms the vulnerabilities were identified by the Checkmarx Security Research team. The company acted in a very cooperative manner when the research team disclosed the vulnerabilities found in SoundCloud’s API. One of the researchers from the Checkmarx’s team stated that they had no clue in regards to the attackers exploiting the vulnerabilities. They found evidence based on old incidents that might’ve happened due to the Broken Authentication issue. Paulo Silva, one of the researchers from Checkmarx stated that the vulnerabilities could’ve been exploited to take control of the users’ accounts.
SoundCloud users could’ve been the primary target due to the user enumeration and broken authentication. Exposing user data is very popular and making the data generally available is very common. Recently, SoundCloud raised a massive $75 million from the satellite radio giant SiriusXM. SoundCloud has an ad partnership with the company and the raised money is expected to be used for launching new services and product development.