Sound Radix Breach Exposes 293 K User Accounts and Password Hashes
What Happened — In March 2026, audio‑production‑tools provider Sound Radix disclosed a data breach affecting roughly 293 000 unique email addresses, names, and possibly hashed passwords. The company self‑reported the incident to Have I Been Pwned (HIBP).
Why It Matters for TPRM —
- Exposure of credential data can be leveraged in credential‑stuffing attacks against downstream vendors.
- Third‑party SaaS platforms often share authentication services; compromised passwords increase supply‑chain risk.
- No financial data was leaked, but personal identifiers raise phishing and social‑engineering concerns.
Who Is Affected — SaaS vendors in the creative‑media sector, their enterprise customers, and any organization that re‑uses the exposed credentials.
Recommended Actions — Review any contractual reliance on Sound Radix, verify that password policies and MFA are enforced for accounts linked to the vendor, and monitor for credential‑stuffing activity.
Technical Notes — Attack vector not disclosed; breach likely stemmed from a server‑side compromise or mis‑configuration. Exposed data: email addresses, full names, and hashed passwords (hash type not specified). No credit‑card or payment data reported. Source: https://haveibeenpwned.com/Breach/SoundRadix