Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley


Data of over 200 million Deezer users leaks on hacking forum

Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.

The data, which appears to have been stolen from one of Deezer’s third-party service providers in 2019, includes:

  • First and last names
  • Dates of birth
  • Email addresses
  • IP addresses
  • Gender
  • Location data (City and Country)
  • Join date
  • User ID

According to RestorePrivacy, which first reported on the breach, the hacker released a sample of 5 million stolen records on a well-known hacking forum, claiming to have a 60GB stash of stolen data, including 228 million email addresses:

Today I'm selling the information of over 200+ million Deezer.com users from 2019 (specifically before September-October of 2019). It includes Users CSV which is a 60gb file with 257,829,454 records, of those records there are approx 228 million non anonymized unique emails. A CSV containing logged user sessions (IP Address and device). Profiles CS, and a folder named final containing 106 CV’s. Source is still unclear but it seems like Deezer hired a third party data analysis company to analyze their users. I'll wait for Deezer to confirm where this came from lmao. First buyer also receives access to where this came from (there's some extra stuff in the source of this).

Deezer published a support advisory about the breach in November, shortly after the hacker’s post.

Deezer describes the leaked data as “non-sensitive information”, and claims that no passwords or payment details have been exposed.

Non-sensitive? Hmm. At the very least the email addresses and other information could be used to create convincing phishing emails, and perhaps be abused by fraudsters to extract further details from Deezer users.

And I, for one, am disappointed not to have received any notification about the breach from Deezer.

Back in the mists of time (2014), I had a Deezer account. I’d completely forgotten about it, but managed to log back into Deezer today and found my account was still active.

Thankfully I haven’t been paying a subscription all this time, but I am disgruntled that Deezer hasn’t reached out to affected users to…
