Music streaming service Deezer had a data breach after hackers managed to steal the data of over 200 million users.
Data allegedly stolen from one of Deezer’s third-party service providers in 2019 includes:
- first and last name
- Birthday
- email address
- IP address
- sex
- Location data (city and country)
- Join Date
- User ID
according to Restore privacy At first reported a violationhackers published 5 million sample records stolen on a popular hacking forum, claiming to hide 60 GB of stolen data, including 228 million email addresses.
Today we are selling information for over 200 million Deezer.com users from 2019 (especially from September to October 2019). It contains a user CSV, his 60 GB file with 257,829,454 records. Of these records, there are approximately 228 million unique non-anonymized emails. A CSV containing logged user sessions (IP addresses and devices). A folder named final containing the profile CS, and 106 CVs. Although the source is still unknown, Deezer apparently hires a third-party data analytics company to analyze its users. Wait for deezer to confirm where this came from lmao. The original purchaser also receives access to where this came from (the source for this has extra).
Deezer Support advisory About the November breach, shortly after the hacker’s post.
Deezer describes the leaked data as “non-confidential” and claims that no passwords or payment details were leaked.
Insensitive? Hmm. At the very least, email addresses and other information can be used to craft convincing phishing emails or abused by scammers to extract details from his Deezer users.
And I am disappointed that I have not received a notice of infringement from Deezer.
sign up for newsletterSecurity news, advice and tips.
Back in the fog (2014), I had a Deezer account. I completely forgot about it, but when I logged back into Deezer today, I found that my account was still active.
Thankfully I didn’t pay for my subscription all along, but I’m frustrated that Deezer didn’t reach out to affected users and notify them that a violation had occurred. I first found out about it when I got a notification from Troy Hunt’s. Have I Been Pooned business.
I haven’t used Deezer’s service in almost 10 years, but I changed my password just in case. If given the chance, I will look into ways to permanently delete my account.
If you don’t use Deezer at all, I suggest you consider doing the same, or at least change your password.
As always, be strong, hard to crack, and don’t use it anywhere else on the internet.
Did you find this article interesting? Follow Graham Cluley on Twitter Also Mastodon To read more about the exclusive content we post.
