
Data of over 200 million Deezer users stolen, leaks on hacking forum • Graham Cluley


Data of over 200 million Deezer users leaks on hacking forum

Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.

The data, which appears to have been stolen from one of Deezer’s third-party service providers in 2019, includes:

  • First and last names
  • Dates of birth
  • Email addresses
  • IP addresses
  • Gender
  • Location data (City and Country)
  • Join date
  • User ID

According to RestorePrivacy, which first reported on the breach, the hacker released a sample of 5 million stolen records on a well-known hacking forum, claiming to have a 60GB stash of stolen data, including 228 million email addresses:

“Today I'm selling the information of over 200+ million Deezer.com users from 2019 (specifically before September-October of 2019). It includes Users CSV which is a 60gb file with 257,829,454 records, of those records there are approx 228 million non anonymized unique emails. A CSV containing logged user sessions (IP Address and device). Profiles CS, and a folder named final containing 106 CV’s. Source is still unclear but it seems like Deezer hired a third party data analysis company to analyze their users. I'll wait for Deezer to confirm where this came from lmao. First buyer also receives access to where this came from (there's some extra stuff in the source of this).”

Deezer published a support advisory about the breach in November, shortly after the hacker’s post.

Deezer describes the leaked data as “non-sensitive information”, and claims that no passwords or payment details have been exposed.

Non-sensitive? Hmm. At the very least the email addresses and other information could be used to create convincing phishing emails, and perhaps be abused by fraudsters to extract further details from Deezer users.

And I, for one, am disappointed not to have received any notification about the breach from Deezer.


Back in the mists of time (2014), I had a Deezer account. I’d completely forgotten about it, but managed to log back into Deezer today and found my account was still active.

Thankfully I haven’t been paying a subscription all this time, but I am disgruntled that Deezer hasn’t reached out to affected users to inform them that the breach has occurred. Instead, the first I knew about it was when I received a notification from Troy Hunt’s Have I Been Pwned project.

[Image: Have I Been Pwned notification of Deezer data breach]

Naturally I’ve changed my password as a precaution even though I haven’t used Deezer’s services for almost 10 years. When I get the chance, I’ll look into how I can delete my account entirely.

You may wish to consider doing the same if you don’t have any use for Deezer, or at the very least change your password.

As always, make it a strong one that’s hard to crack, and ensure that you’re not using it anywhere else on the internet.



Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
