Music-streaming service Deezer has owned up to a knowledge breach, after hackers managed to steal the info of over 200 million of its customers.
The info, which seems to have been stolen from one in all Deezer’s third-party service suppliers in 2019, consists of:
- First and final names
- Dates of delivery
- Electronic mail addresses
- IP addresses
- Gender
- Location information (Metropolis and Nation)
- Be part of date
- Consumer ID
In line with RestorePrivacy which first reported on the breach, the hacker launched a pattern 5 million stolen data on a well known hacking discussion board, claiming to have a 60GB stash of stolen information, together with 228 million e mail addresses:
Immediately im promoting the data of over 200+ million Deezer.com customers from 2019 (particularly earlier than september-october of 2019). It consists of Customers CSV which is a 60gb file with 257,829,454 data, of these data there are approx 228 million non anonymized distinctive emails. A CSV containing logged consumer classes (IP Deal with and system). Profiles CS, and a folder named ultimate containing 106 CV’s. Supply remains to be unclear but it surely looks as if Deezer employed a 3rd occasion information evaluation firm to research their customers. Ailing await deezer to verify the place this got here from lmao. First purchaser additionally recieves entry to the place this got here from (theres some further stuff within the supply of this).
Deezer revealed a assist advisory concerning the breach in November, shortly after the hacker’s submit.
Deezer describes the leaked information as “non-sensitive info”, and claims that no passwords or cost particulars have been uncovered.
Non-sensitive? Hmm. On the very least the e-mail addresses and different info may very well be used to create convicing phishing emails, and maybe be abused by fraudsters to extract additional particulars from Deezer customers.
And I, for one, am upset to haven’t obtain any notification concerning the breach from Deezer.
Signal as much as our publicationAgain within the mists of time (2014), I had a Deezer account. I’d utterly forgotten about it, however managed to log again into Deezer as we speak and located my account was nonetheless energetic.
Fortunately I haven’t been paying a subscription all this time, however I’m disgruntled that Deezer hasn’t reached out to affected customers to tell them that the breach has occurred. As a substitute, the primary I knew about it was once I acquired a notification from Troy Hunt’s Have I Been Pwned challenge.
Naturally I’ve modified my password as a precaution despite the fact that I haven’t used Deezer’s companies for nearly 10 years. Once I get the possibility, I’ll look into how I can delete my account completely.
Chances are you’ll want to think about doing the identical if you happen to don’t have any use for Deezer, or on the very least change your password.
As at all times, make it a robust one which’s onerous to crack, and be sure that you’re not utilizing it wherever else on the web.
Discovered this text fascinating? Comply with Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we submit.
