Data Of 228 Million Deezer Users Stolen

Summary Of The Attack

  • On November 6th, 2022, a hacker posted a 60GB CSV file on a forum containing personal information, including that of the 228 million Deezer members.
  • According to Deezer, the data breach happened in 2019, when hackers stole a snapshot of user data by breaching one of its third-party partners.
  • Deezer claims that the security measures are strong and in place.
  • It is recommended to reset your passwords on the Deezer platform as well as enable two-factor authentication (2FA).

What Happened?

After a hacker offered information from more than 200 million users for sale on a hacking site, the well-known music streaming service Deezer, which has millions of subscribers worldwide, acknowledged a significant data breach that may have affected millions of Deezer members.

According to Deezer, the data breach happened in 2019, and the hackers succeeded in stealing a snapshot of user data from a third-party service provider, which it has not worked with since 2020.

Deezer claimed that it had taken all necessary measures to cooperate with the third-party service provider and ensure that security measures were in place, including obtaining ISO 27001 and SOC 2 certifications, contractual obligations to secure data, GDPR-compliant data protection agreements, and certificates of data destruction at the conclusion of their contract.

What Was The Impact?

On November 6th, 2022, a 60GB CSV file containing non-anonymized personal information including 257,829,454 records of the 228 million Deezer members was posted by a user of a well-known breached forum.

According to data sample analysis, the exposed sensitive information included e-mail addresses, user first and last names, dates of birth, gender, location data including city and country, user ID, and registration date.

According to the hacker, this data leak affects millions of people in nations including the United States, Great Britain, France, Germany, Brazil, Mexico, Italy, Turkey, Colombia, and Guatemala.

Who Is Responsible For This Attack?

No hacker organization has taken responsibility for the data breach. So far, the only available information is that a threat actor called published data on a breach hacking forum.

The price for the entire dump was not made public, because the threat actor shared it only privately with other forum users through direct messaging. It's also uncertain whether anyone has purchased the data collection yet.

Before updating the post with a sample of 5 million lines, the hacker published a sample of 1 million stolen records.

How Did The Attack Happen?

Shortly after the hacker released this information, Deezer was informed that one of its partners had suffered a data breach in 2019, as a result of which a snapshot of non-sensitive user data was made public.

Deezer claims that the security measures are strong and in place, databases are safe as well as that this att