Data from 257 million users has been released, according to stolen data tracker Damien Bancal.
The French streaming platform Deezer has been facing for several weeks the publication on the internet of a file containing data from 250 million user accounts, apparently stolen in 2019 from a service provider. The database emerged in early November on personal data traffic forums. “The data exposed includes basic information, such as first and last names, date of birth, email address“but they do not include information”sensitivesuch as passwords or payment data, Deezer said in a statement to the press.
The data stolen from Deezer alone does not make it possible to directly attack an Internet user. But they can facilitate more elaborate attacks such as phishing, for example the attacker can use personal information to gain the trust of his target. Deezer declined to confirm the number of user accounts affected. According to stolen data tracker Damien Bancal, author of the specialized blog Zataz.com, the data of 257 million users has been put online, representing more than 260 GB (gigabytes) of information. The American site restoreprivacy.com, which had mentioned the case in November, indicated for its part that it had identified “more than 240 millionof affected accounts. Deezer warned the Cnil, the French guardian of privacy on the internet, in November and is working “since then in close collaboration” with her. “We are in the process of contacting the users concerned by email to make them aware of the risks of phishing (phishing) and to encourage them to be vigilant.“, explained Deezer.
SEE ALSO – Music streaming: Deezer enters the Paris Stock Exchange
“The most important» from Facebook
“We recommend our users, as a precaution, to change their passwordadded the company. The basis of this stolen data “was already on sale for a long time in private areas“of pirates,”we heard about itIndirectly, explained Mr. Bancal to AFP. And “December 23“, more than three years after the initial flight according to Deezer, “the file has been made available for freeon an easily accessible site, well known to hackers and hackers, he added.
Read alsoFortnite, Deezer, Spotify and Tinder united against Apple and its App Store
After a data theft, the hacker first tries “to squeeze them like a lemonby trying to extract the maximum value from them himself, or by selling them to a few hacking VIPs, he explained. Then gradually the circle of people who have the file increases, and the value of the data decreases. Until someone decides to put them online for free, especially for self-promotion purposes, says the expert. Deezer clarified that he no longer works “since 2020with the service provider affected by the data theft. “Deezer’s security systems remain effective, and our own databases are safe“, had explained the company in an English blog post, published in November as the data began to emerge. According to restoreprivacy.com, the database notably contains the data of 46.2 million users in France, 37.1 million in Brazil, 15.3 million in Germany. Haveibeenpwned, a site that warns Internet users when their email address is circulating with hackers, warned its subscribers if they were in the stolen database.
Read alsoDeezer tries to convince the market
According to Troy Hunt, the host of the site, the Deezer leak is “the most important” processed by the site, since the discovery of a file containing data on nearly 530 million Facebook accounts in the first half of 2021. The case comes in a general tense context for Deezer, which is struggling to find its place against the giants industry like Spotify, Apple Music. The share price fell to a level around 3 euros, while it had been introduced on the Paris Stock Exchange at 8.5 euros in July 2022.
SEE ALSO – Bruno Guillon: “I like the kick in the ass that streaming platforms put on TV”