A mountain of data stolen from Deezer in 2019 resurfaces

Mount of data stolen from Deezer in 2019 resurfaces


The data of nearly 250 million user accounts of the French music streaming platform Deezer have emerged in recent weeks on personal data trafficking forums, several sites specializing in data leakage have reported.  

Deezer said on Tuesday that it had been informed that data stolen “from one of [its] former service providers”, in 2019, had been exposed on the internet.

“The exposed data includes basic information, such as first and last name, date of birth, email address,” Deezer clarified, but does not contain “any password or login data. payment”.

Deezer refused to confirm the number of user accounts concerned.

But, according to stolen data tracker Damien Bancal, author of the specialized blog Zataz.com, the data of 257 million users were put online, representing more than 260 GB (gigabytes) of information.

The American site restoreprivacy.org, which had mentioned the case as of November, indicated for its part to have identified “more than 240 million” accounts concerned.

Deezer warned the CNIL, the French guardian of digital privacy, in November and has been working with them “since in close collaboration”.

In agreement with the CNIL, “we are in the process of contacting by email affected users to raise awareness of the risks of phishing [phishing] and encourage them to be vigilant,” Deezer explained. “We recommend that our users, as a precaution, change their passwords,” the company reported.

The database of this stolen data “was already on sale for a long time in private areas of pirates, explained Damien Bancal. “On December 23”, more than three years after the initial theft according to Deezer, “the file was made freely accessible” on a freely accessible site, well known to pirates and hackers, he added.


According to restoreprivacy.org, the database notably contains the data of 46.2 million users in France, 37.1 million in Brazil and 15.3 million in Germany.< /p>