Music-streaming service Deezer has owned up to an information breach, after hackers managed to steal the info of over 200 million of its customers.
The information, which seems to have been stolen from one among Deezer’s third-party service suppliers in 2019, contains:
- First and final names
- Dates of beginning
- E-mail addresses
- IP addresses
- Gender
- Location information (Metropolis and Nation)
- Be part of date
- Person ID
In response to RestorePrivacy which first reported on the breach, the hacker launched a pattern 5 million stolen information on a widely known hacking discussion board, claiming to have a 60GB stash of stolen information, together with 228 million electronic mail addresses:
At present im promoting the knowledge of over 200+ million Deezer.com customers from 2019 (particularly earlier than september-october of 2019). It contains Customers CSV which is a 60gb file with 257,829,454 information, of these information there are approx 228 million non anonymized distinctive emails. A CSV containing logged consumer classes (IP Handle and machine). Profiles CS, and a folder named last containing 106 CV’s. Supply continues to be unclear nevertheless it looks as if Deezer employed a 3rd get together information evaluation firm to investigate their customers. Ailing look forward to deezer to substantiate the place this got here from lmao. First purchaser additionally recieves entry to the place this got here from (theres some additional stuff within the supply of this).
Deezer printed a assist advisory in regards to the breach in November, shortly after the hacker’s put up.
Deezer describes the leaked information as “non-sensitive info”, and claims that no passwords or cost particulars have been uncovered.
Non-sensitive? Hmm. On the very least the e-mail addresses and different info might be used to create convicing phishing emails, and maybe be abused by fraudsters to extract additional particulars from Deezer customers.
And I, for one, am disillusioned to haven’t obtain any notification in regards to the breach from Deezer.
Again within the mists of time (2014), I had a Deezer account. I’d utterly forgotten about it, however managed to log again into Deezer at present and located my account was nonetheless lively.
Fortunately I haven’t been paying a subscription all this time, however I’m disgruntled that Deezer hasn’t reached out to affected customers to tell them that the breach has occurred. As a substitute, the primary I knew about it was once I obtained a notification from Troy Hunt’s Have I Been Pwned mission.
Naturally I’ve modified my password as a precaution regardless that I haven’t used Deezer’s companies for nearly 10 years. Once I get the possibility, I’ll look into how I can delete my account completely.
It’s possible you’ll want to contemplate doing the identical should you don’t have any use for Deezer, or on the very least change your password.
As all the time, make it a powerful one which’s laborious to crack, and be certain that you’re not utilizing it wherever else on the web.
Discovered this text fascinating? Observe Graham Cluley on Twitter or Mastodon to learn extra of the unique content material we put up.