Critical

Sound Radix Audio Tools Breach - 293K User Accounts Exposed

In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. The incident impacted 293k unique email addresses and names. Sound Radix advised that it is possible that additional data including hashed passwords may have been exp...

Overview

In March 2026, Sound Radix, a developer of audio production tools for music and post-production professionals, disclosed a data breach affecting 292,993 users. The company self-submitted the incident to Have I Been Pwned (HIBP), confirming that unique email addresses, names, and potentially hashed passwords were exposed. Alarmingly, the breach also involved credit card data, elevating the risk far beyond typical credential leaks. Users who purchased plugins or licenses from Sound Radix may have had their payment information compromised.

What Was Exposed

The breached data includes email addresses, names, hashed passwords, and credit card details. Hashed passwords, while not readable directly, can often be cracked if weak or common. Credit card exposure is the most severe - it enables direct financial fraud, including unauthorized transactions and card cloning. Combined with names and email addresses, attackers have a rich profile for targeted phishing and identity theft.

How the Breach Happened

While Sound Radix has not publicly detailed the attack vector, the exposure of both credentials and payment data suggests a server-side intrusion or database compromise. Such breaches often stem from unpatched vulnerabilities, SQL injection, or compromised administrative credentials. The presence of credit card data indicates that Sound Radix was likely storing payment information in violation of PCI DSS best practices, which mandate tokenization or encryption of cardholder data.

Account Takeover and Financial Risks

This breach creates a dual threat. First, attackers can attempt to crack hashed passwords and use them to access Sound Radix accounts - and then reuse those credentials on other services if victims recycle passwords. Second, and more critically, exposed credit card data allows for immediate fraudulent charges, card-not-present fraud, and even full account takeover of the victim’s payment account if linked credentials are also compromised. Users should monitor bank and credit card statements for unauthorized activity.

How to Check If You’re Affected

Affected individuals can visit Have I Been Pwned and enter their email address. If the address appears in the Sound Radix breach, they will see a notification. Sound Radix may also be sending direct breach notifications to impacted users via email. If you have a Sound Radix account, assume your data is compromised and take immediate action.

What to Do Right Now

If you are affected, take these steps immediately:

  1. Change your Sound Radix password - and any other accounts using the same password.
  2. Contact your bank or credit card issuer to report the breach and request a replacement card.
  3. Enable two-factor authentication (2FA) on all accounts that support it, especially email and financial services.
  4. Monitor credit reports for unauthorized accounts or inquiries.
  5. Be alert for phishing emails that reference Sound Radix or attempt to exploit the breach.

Security Insight

This breach reveals that Sound Radix was storing sensitive payment data in a manner that allowed full exposure - a fundamental security failure in an industry where PCI DSS compliance is mandatory. For a company serving professional audio engineers and studios, the reputational damage may be severe, particularly if clients lose trust in its data handling. The incident underscores a broader lesson for niche software vendors: storing credit card data is a liability that should be eliminated through tokenization.
