Due to a leak dating back to 2019, the data of 250 million Deezer users is freely circulating on specialized forums. The platform advises, as a precaution, to change your password.
The year 2022 proved to be very lucrative for hackers, with repeated hacks of the LastPass password manager – hackers even got their hands on the contents of the safes –, La Poste Mobile, Nintendo Switch or Google Homes – and that’s just a sample. And 2023 seems to continue in the same vein! Indeed, Deezer, which is one of the largest music streaming platforms in the world, was the victim of a data leak in … 2019. And, today, the data that the criminal stole is free. circulation on the Dark Web. these “were already on sale for a long time in private spaces” of pirates, “we heard about it” indirectly, explains Damien Bancal, a journalist for the Zataz cybersecurity site, at the Parisian. It’s December 23, more than three years after the flight, that the file was made available for free on an easily accessible site well known to hackers.
Deezer hack: a leak that dates back to 2019
The massive data leak took place in 2019 following an error by a Deezer partner – with whom the firm ceased all collaboration in 2020 – regarding the configuration of a storage space. On his siteshe promises that “Deezer’s security systems remain effective, and our own databases are reliable and secure.” The hacker, well known to the hacker community as Sin, managed to infiltrate via a man-in-the-middle attack – an attack that is intended to intercept communications between two parties, without either party suspecting that the communication channel between them has been compromised. He was able to recover a total of 260 GB of data, as seen by Zataz.
This data includes in particular the first and last names of users, their dates of birth, their email and IP addresses, their gender, their location data, the date of membership and the unique ID assigned to each account. Deezer claims that no password or payment data was stolen. In November 2022, the company notified the National Commission for Computing and Liberties (CNIL) and is likely working “in close collaboration” with the monitoring body. It is now working to warn the 46.2 million French users who were affected by the flaw.. “We are in the process of contacting the users concerned by e-mail to make them aware of the risks of phishing (phishing) and to encourage them to be vigilant.“, she explains. There is indeed a fear that malicious people could use personal information to gain the trust of their targets.
As a precautionary measure, Deezer recommends that all its users change their password. He also encourages them to consult the website of the Ministry of Economy, Finance and Industrial and Digital Sovereignty. In any case, the news is really bad news for the French platform, which is currently experiencing some financial difficulties and is trying to review its strategy.