Deezer: the data of 250 million users, stolen in 2019, leaks on the Internet

The names, email addresses and dates of birth of millions of Deezer users are just a click away from hackers. The French streaming platform Deezer has for several weeks been facing the publication on the Internet of a file containing data from 250 million user accounts, apparently stolen in 2019 from a service provider.

“The data exposed includes basic information, such as first and last names, date of birth, email address” but does not include “sensitive” information such as passwords or payment data, Deezer said in a press statement.

On its own, the data stolen from Deezer does not allow a user to be attacked directly. But it can facilitate more elaborate attacks such as phishing, where, for example, the attacker uses personal information to gain the target's trust.

Deezer refused to confirm the number of user accounts concerned, but according to Damien Bancal, author of the specialized blog Zataz.com, the data of 257 million users has been uploaded, amounting to more than 260 GB (gigabytes) of information.

The American site restoreprivacy.com, which had mentioned the case in November, indicated for its part that it had identified “more than 240 million” accounts concerned, including 46.2 million users in France, 37.1 million in Brazil and 15.3 million in Germany.

Deezer notified the Cnil, the French guardian of privacy on the Internet, in November and has since been working “in close collaboration” with it. “We are in the process of contacting affected users by email to make them aware of the risks of phishing and to encourage them to be vigilant,” explained Deezer. “We recommend that our users, as a precaution, change their passwords,” the company added.

Data on sale for a long time

The database of this data stolen in 2019 “had already been on sale for a long time in private spaces” of hackers, “we heard about it” indirectly, explained Damien Bancal. And “on December 23”, more than three years after the initial theft according to Deezer, “the file was made available for free” on an easily accessible site, well known to pirates and hackers, he added.

After a data theft, the hacker first tries to “squeeze it like a lemon” by trying to extract the maximum value from it himself, or by selling it to a few hacker VIPs, he explained. Then the circle of people who have the file gradually widens, and the value of the data decreases, until someone decides to put it online for free, in particular for self-promotion, the expert continued.

Deezer clarified that it has not worked “since 2020” with the provider targeted by the data theft. “Deezer’s security systems remain effective, and our own databases are safe,” the company explained in an English blog post, published in November as the data began to emerge.

According to Troy Hunt, the host of the Haveibeenpwned site, which warns Internet users when their email address is circulating among hackers, the Deezer leak is “the most important” handled by the site, since the discovery of a file containing data on nearly 530 million Facebook accounts in the first half of 2021.

The case comes in a tense general context for Deezer, which is struggling to find its place against the giants of the sector such as Spotify and Apple Music. The share price has fallen to around 3 euros, whereas it had been listed on the Paris Stock Exchange at 8.5 euros in July 2022.
