Hackers stole information of 29.8M accounts (~20% of users). SoundCloud is downplaying the data beyond email address as "publicly available", but the data wasn't scraped. "Profile statistics" aren't public either. Their main response[0], seems to focus on passwords and payment details being the only risky data. They even imply email addresses are public.

> no sensitive data was taken in the incident.The data involved consisted only of email addresses and information already visible on public SoundCloud profiles (not financial or password data)

[0]: https://soundcloud.com/playbook-articles/protecting-our-user...

Maybe the two public data points weren't connected before?

I don't use SoundCloud, but if profiles didn't have contact information like Email Address on them then it could be meaningful to now connect those two dots.

Like, 'Hey look, Person A, who is known to use email address X, kept Lost Prophets as one of their liked artists even after 2013!'