Music streaming service Deezer had a data breach after hackers managed to steal the data of over 200 million users.

Data allegedly stolen from one of Deezer’s third-party service providers in 2019 includes:

  • first and last name
  • Birthday
  • email address
  • IP address
  • sex
  • Location data (city and country)
  • Join Date
  • User ID

according to Restore privacy At first reported a violationhackers published 5 million sample records stolen on a popular hacking forum, claiming to hide 60 GB of stolen data, including 228 million email addresses.

Today we are selling information for over 200 million users from 2019 (especially from September to October 2019). It contains a user CSV, his 60 GB file with 257,829,454 records. Of these records, there are approximately 228 million unique non-anonymized emails. A CSV containing logged user sessions (IP addresses and devices). A folder named final containing the profile CS, and 106 CVs. Although the source is still unknown, Deezer apparently hires a third-party data analytics company to analyze its users. Wait for deezer to confirm where this came from lmao. The original purchaser also receives access to where this came from (the source for this has extra).

Deezer Support advisory About the November breach, shortly after the hacker’s post.

Deezer describes the leaked data as “non-confidential” and claims that no passwords or payment details were leaked.

Insensitive? Hmm. At the very least, email addresses and other information can be used to craft convincing phishing emails or abused by scammers to extract details from his Deezer users.

And I am disappointed that I have not received a notice of infringement from Deezer.

e-mailsign up for newsletter
Security news, advice and tips.

Back in the fog (2014), I had a Deezer account. I completely forgot about it, but when I logged back into Deezer today, I found that my account was still active.

Thankfully I didn’t pay for my subscription all along, but I’m frustrated that Deezer didn’t reach out to affected users and notify them that a violation had occurred. I first found out about it when I got a notification from Troy Hunt’s. Have I Been Pooned business.

Have I Been Pwned Deezer Data Breach Notification
Have I Been Pwned Deezer Data Breach Notification

I haven’t used Deezer’s service in almost 10 years, but I changed my password just in case. If given the chance, I will look into ways to permanently delete my account.

If you don’t use Deezer at all, I suggest you consider doing the same, or at least change your password.

As always, be strong, hard to crack, and don’t use it anywhere else on the internet.

Did you find this article interesting? Follow Graham Cluley on Twitter Also Mastodon To read more about the exclusive content we post.

Graham Cluley is a veteran of the antivirus industry and has worked for many security companies since the early 1990s when he created the first version of Dr. Solomon’s Antivirus Toolkit for Windows. He is now an independent security he is an analyst and makes regular media appearances and lectures internationally on the topics of computer he security, hackers and online he privacy. Follow him on Twitter. @gcluleyfor Mastodon @[email protected]or drop him an email.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog