February 7, 2023

Data of over 200 million Deezer users leaks on hacking forum

Music-streaming service Deezer has owned up to a knowledge breach, after hackers managed to steal the information of over 200 million of its customers.

The information, which seems to have been stolen from one among Deezer’s third-party service suppliers in 2019, consists of:

  • First and final names
  • Dates of delivery
  • E mail addresses
  • IP addresses
  • Gender
  • Location knowledge (Metropolis and Nation)
  • Be part of date
  • Consumer ID

In line with RestorePrivacy which first reported on the breach, the hacker launched a pattern 5 million stolen data on a well known hacking discussion board, claiming to have a 60GB stash of stolen knowledge, together with 228 million e-mail addresses:

As we speak im promoting the knowledge of over 200+ million Deezer.com customers from 2019 (particularly earlier than september-october of 2019). It consists of Customers CSV which is a 60gb file with 257,829,454 data, of these data there are approx 228 million non anonymized distinctive emails. A CSV containing logged person classes (IP Tackle and machine). Profiles CS, and a folder named closing containing 106 CV’s. Supply continues to be unclear but it surely looks like Deezer employed a 3rd celebration knowledge evaluation firm to investigate their customers. Ailing look forward to deezer to verify the place this got here from lmao. First purchaser additionally recieves entry to the place this got here from (theres some additional stuff within the supply of this).

Deezer printed a support advisory in regards to the breach in November, shortly after the hacker’s put up.

Deezer describes the leaked knowledge as “non-sensitive data”, and claims that no passwords or cost particulars have been uncovered.

Non-sensitive? Hmm. On the very least the e-mail addresses and different data could possibly be used to create convicing phishing emails, and maybe be abused by fraudsters to extract additional particulars from Deezer customers.

And I, for one, am disenchanted to haven’t obtain any notification in regards to the breach from Deezer.

EmailSignal as much as our publication
Safety information, recommendation, and suggestions.

Again within the mists of time (2014), I had a Deezer account. I’d fully forgotten about it, however managed to log again into Deezer as we speak and located my account was nonetheless energetic.

Fortunately I haven’t been paying a subscription all this time, however I’m disgruntled that Deezer hasn’t reached out to affected customers to tell them that the breach has occurred. As an alternative, the primary I knew about it was after I obtained a notification from Troy Hunt’s Have I Been Pwned mission.

Have I Been Pwned notification of Deezer data breach
Have I Been Pwned notification of Deezer knowledge breach

Naturally I’ve modified my password as a precaution although I haven’t used Deezer’s providers for nearly 10 years. Once I get the possibility, I’ll look into how I can delete my account totally.

You might want to take into account doing the identical for those who don’t have any use for Deezer, or on the very least change your password.

As at all times, make it a robust one which’s laborious to crack, and be certain that you’re not utilizing it wherever else on the web.

Discovered this text fascinating? Follow Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we put up.


Graham Cluley is a veteran of the anti-virus trade having labored for quite a lot of safety corporations because the early Nineteen Nineties when he wrote the primary ever model of Dr Solomon’s Anti-Virus Toolkit for Home windows. Now an unbiased safety analyst, he repeatedly makes media appearances and is a world public speaker on the subject of laptop safety, hackers, and on-line privateness.
Observe him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an e-mail.