Bad news for Deezer users: over 220+ million users' info exposed
-
If you're a user of the well-known music streaming app, you'll probably want to change your security details, or even consider switching after the Paris-based company admitted it was the target of a hacker attack that stole the data of approximately 229 million users back in 2019.
According to RestorePrivacy, the breach of the stolen data was first disclosed on November 6th last year in a hacker forum, where a user stated that they had stolen data from over 240 million music streaming users. Among the private information leaked we can find things such as name and surname, date of birth, email address, gender, location data, date of affiliation and user ID. The hacker published a list with the information of at least 5 million people and claimed to have another 60 GB with the rest of the data.
Shortly after this information came to light, Deezer posted an official response on the subject, admitting the data breach and explaining that the data was stolen through an invasion of a third-party partner with which the company worked. "The data in question was manipulated by a third-party partner with whom we had worked and that had access to certain data. The data was not accessible from Deezer's systems. However, some data, including email addresses and certain data of some users, may have been accessed and potentially affected," they said. They also ensured that information regarding passwords or payment details was not leaked, but regardless of that, there is no doubt that the type of information violated is sensitive enough for users to be victims of fraud or impersonation.
If this wasn't enough reason for its users to consider looking for other alternatives to Deezer, let's remember that just a few months ago the platform announced the end of its free plan until January 23 in some countries with their highest user base, such as Chile, Peru and Colombia, which leaves the app at a disadvantage compared to other services like Spotify or Tidal.
We recommend that you not only change your Deezer credentials even if you haven't been using it for a while, but always use Two-factor authentication (2FA) on all the services you use (whenever it's available). You can also keep an eye on services like Have I been pwned? and other Data Breach Tools to keep up to date on your data that has been compromised in a massive data breach. Finally, remember to use a Password Manager like 1Password to increase the security level of your passwords and renew them often.
-
I was already a Deezer customer, but I was not affected. There is no alternative for Deezer, for the following reasons: Deezer is the only music streaming provider that offers translated and synchronized lyrics, Deezer offers Hi-Fi (FLAC) sound to all premium users and pays musicians better than Spotify.
-
Please note this information from the Deezer team:
https://support.deezer.com/hc/en/articles/7726141292317-Datenschutzverletzungen-durch-Dritte
-
@stardepp , maybe, although I'm not that gourmet because I don't have a stereo that can take advantage of the FLAC format, I'm content with a good playback of music in mp3 and other formats.
To pay for listening to music, I prefer to buy a disk or go to a concert, I'm so old school. Paid services always imply giving sensitive data to third parties with the consequent risks of leaks, as in this and many other cases, for this reason I have never used them in more than 20 years, nor do sites that require a registration with more than nickname and mail, better if they are without necessary registration, as there are in multiple streaming services that exist, for example this and others, or privacy desktop clients, like FreeTube or some m3u archives, etc.
-
@stardepp said in Bad news for Deezer users: over 220+ million users' info exposed:
I was already a Deezer customer, but I was not affected. There is no alternative for Deezer, for the following reasons: Deezer is the only music streaming provider that offers translated and synchronized lyrics, Deezer offers Hi-Fi (FLAC) sound to all premium users and pays musicians better than Spotify.
Bandcamp offers a variety of formats including FLAC for free, and takes a very fair 10% on sales.
These are pointless comparisons when the real issue is, do the other services have the same music?
Deezer has obscure artists in the system you won't find in Spotify or iTunes.
No matter what the formats or pricing, you can't listen to it if it isn't there.
-
Bad data breach with personal data. I hope Deezer will get a high fine by EU-GDPR laws.
-
@DoctorG said in Bad news for Deezer users: over 220+ million users' info exposed:
Bad data breach with personal data. I hope Deezer will get a high fine by EU-GDPR laws.
I have to disagree, the data leak was not at Deezer, but at a third-party provider of Deezer, see here:
https://support.deezer.com/hc/en-gb/articles/7726141292317-Third-Party-Data-Breach
-
@stardepp But that reads like Deezer gave data to be processed by an external company and did not force them to delete customer data after the contract between them ended.
That's why we should never trust that companies will really store personal data in a safe way.
-
@stardepp , it is irrelevant from where the data leaked, from Deezer or the company to which Deezer provided the data, it remains Deezer's responsibility.
You can see what Deezer does with your data and how it protects it in the PP and TOS it has, but you have neither knowledge nor control over what third-party companies do with it. For this reason, it should be prohibited to pass private data to others, as it is also for a user to provide foreign data to others.
Imagine that I have your private data and to earn money I sell it to third parties. With all reason you would denounce me and I would sit in front of a judge for this, but if a company does this, it seems that we do not care.
For this reason, I prefer to be old-fashioned, as I mentioned before, and do without services of this type, which pass data to third parties that I do not know.
Blacklight says
This website loads trackers on your computer that are designed to evade third-party cookie blockers.
Canvas fingerprinting was detected on this website. This technique is designed to identify users even if they block third-party cookies. It can be used to track users' behavior across sites. This technique was used by six percent of popular sites when we scanned them in September 2020.
Blacklight detected a script belonging to the company DEEZER doing this on this site.
It secretly draws the following image on your browser when you visit this website for the purpose of identifying your device.
Trustworthy? I don't think so
-
Have I Been Pwned wrote something interesting about Deezer's partner at https://haveibeenpwned.com/PwnedWebsites#Deezer
-
@DoctorG It's a good thing I never gave them any real details about me (fake DoB, fake name, etc). They may have gotten my real payment details, but it doesn't look like that was in the data breach.
-
Said:
any real details about me (fake DoB, fake name, etc).
Of course, that is the only way you must interact with the pages that ask you for data.