228 Million Data Stolen: Deezer Users

Austin Mathew
Apr 26, 2023

The well-known music streaming service Deezer, which has millions of customers worldwide, revealed a serious data breach that may have impacted millions of Deezer members when a hacker offered information from more than 200 million users for sale on a hacking website.

Deezer claims that the data breach occurred in 2019 and that the hackers were successful in acquiring a copy of user data from a third-party service provider, with whom they had not collaborated since 2020.

Deezer asserted that it had taken all necessary steps to work with the third-party service provider and guarantee that security measures were in place. These steps included obtaining ISO 27001 and SOC 2 certifications, contractual obligations to secure data, GDPR-compliant data protection agreements, and certificates of data destruction at the end of their contract.

According to data sample analysis, the exposed sensitive information included e-mail addresses, user first and last names, dates of birth, gender, location data including city and country, user ID, and registration date.

According to the hacker, the data leak affects millions of people in countries including the United States, Great Britain, France, Germany, Brazil, Mexico, Italy, Turkey, Colombia, and Guatemala.

No hacker organization has taken responsibility for the data breach; so far, the only available information is that a threat actor called published data on a breach hacking forum.

The price for the entire dump was not made public, because the threat actor shared it only privately with other forum users through direct messaging. It is also uncertain whether anyone has purchased the data collection yet.

Before updating the post with a sample of 5 million lines, the hacker published a sample of 1 million stolen records.

Shortly after the hacker released this information, Deezer was informed that one of its partners had suffered a data breach in 2019, as a result of which a snapshot of non-sensitive user data was made public.

Deezer claims that its security measures are strong and in place, that its databases are safe, and that this attack did not compromise any passwords or payment information.