Data on 257 million users has been released, according to stolen data tracker Damien Bancal.
The French streaming platform Deezer has been facing for several weeks the publication on the internet of a file containing the data of 250 million user accounts, apparently stolen in 2019 from a service provider. The database surfaced in early November on Personal Data Trafficking forums. “The exposed data includes basic information, such as name and surname, date of birth, e-mail address“but don’t include information”sensitivesuch as passwords or payment details, Deezer said in a press statement.
The data stolen by Deezer by itself does not allow it to directly attack an Internet user. But they can facilitate more elaborate attacks like phishing, for example the attacker can use personal information to gain the trust of his target. Deezer declined to confirm the number of affected user accounts. According to the stolen data tracker Damien Bancal, author of the specialized blog Zataz.com, the data of 257 million users has been put online, representing more than 260 GB (gigabytes) of information. The American site restoreprivacy.com, which had cited the case in November, indicated for its part that it had identified “more than 240 millionof affected accounts. Deezer warned the CNIL, the French guardian of internet privacy, in November and is working”since then in close collaboration” with her. “We are contacting affected users via email to inform them of the risks of phishing (phishing) and to encourage them to be vigilant.“, explained Deezer.
“The most important» from Facebook
“We recommend that our users, as a precaution, change their passwordthe company added. The basis of this stolen data”it had already been on sale in private areas for some time“of the pirates”,we’ve heard of itIndirectly, Bancal explained to AFP. AND “December 23rdmore than three years after the initial flight according to Deezer, “the file was made freely availableon an easily accessible site, well known to hackers and hackers, he added.
After a data theft, the hacker first tries “to squeeze them like a lemontrying to extract the maximum value from them himself, or selling them to some VIP hacker, he explained. Then gradually the circle of people who have the file increases and the value of the data decreases. Until someone decides to put them online for free, mostly for self-promotion purposes, says the expert. Deezer made it clear that he no longer works”from 2020with the service provider affected by the data theft. “Deezer’s security systems remain effective and our databases are safe“, the company had explained in an English blog post, published in November as the data began to emerge. According to restoreprivacy.com, the database notably contains the data of 46.2 million users in France, 37.1 million in Brazil, 15.3 million in Germany. Haveibeenpwned, a site that warns Internet users when their email address is being circulated by hackers, warned its subscribers if they were in the stolen database.
According to site host Troy Hunt, Deezer’s leak is “the most important” elaborated by the site, from the discovery of a file containing data on almost 530 million Facebook accounts in the first half of 2021. The case fits into a context of general tension for Deezer, which is struggling to find its place against the giants of the sector such as Spotify, Apple Music. The share price has fallen to a level around 3 euros, while it was introduced on the Paris Stock Exchange at 8.5 euros in July 2022.