• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy

Restore Privacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

Music Service Deezer Admits Data Breach via Third Party, Possibly Affecting 200M+ Users

December 7, 2022 By Sven Taylor — 16 Comments
Deezer Data Breach 2022

Deezer has admitted to a data breach via a third party after a hacker posted data from 200+ million Deezer users for sale on a hacking forum. In an email to RestorePrivacy, Deezer confirmed the incident and explained they are working with French authorities.

Deezer, the popular music streaming service with millions of users around the world, has admitted to a large-scale data breach via a third-party service provider that potentially affects millions of Deezer users.

The company says the data breach occurred back in 2019, with the hackers managing to steal a snapshot of user data.

Based on RestorePrivacy’s analysis of the data sample, the exposed information includes:

  • First and last names
  • Dates of birth
  • Email addresses
  • Gender
  • Location data (City and Country)
  • Join date
  • User ID

According to Deezer, no passwords or payment details have been compromised as a result of this attack.

A user on the Breached hacking forums published a sample of the data on November 6, 2022. The user is claiming to have data from 240+ million Deezer users and has now released a 5 million user sample.

Shortly after the hacker released this information, Deezer admitted to a security breach via the support section of its website.

“This information came to light November 8, 2022, as a result of our ongoing efforts to ensure the security and integrity of our users’ personal information,” reads Deezer’s announcement.

“The data in question had been handled by a 3rd party partner that we haven’t worked with since 2020, and it was this partner that experienced the breach. Deezer’s security systems remain effective, and our own databases are secure.”

The hacker’s poster claimed intent to sell the data, saying the full 60 GB dump contains:

  • almost 258 million records,
  • 228 million email addresses in cleartext form, and
  • log sessions, including IP addresses and device details.
Seller’s post on Breached forums.
Source: RestorePrivacy.com

The hacker is claiming that this data breach affects millions of users in the following countries:

  • France: 46.2 million users
  • Brazil: 37.1 million users
  • Great Britain: 15.3 million users
  • Germany: 14.1 million users
  • Mexico: 11.1 million users
  • Columbia: 9.0 million users
  • Turkey: 6.9 million users
  • United States: 6.4 million users
  • Italy: 5.0 million users
  • Guatemala: 4.4 million users

The requested price for the full dump wasn’t disclosed publicly as the threat actor only shared it via direct messages with other forum users, so it’s unspecified. Also, it is unknown if anyone has bought the dataset yet.

Several threat actors, including the forum’s operator, “Pompompurin,” have confirmed that the data is valid and appears authentic.

Analysis and verification of the data sample

RestorePrivacy obtained samples of the data for analysis and can confirm that all data appears authentic and matches publicly-available information from affected Deezer users.

While Deezer has admitted the data breach includes user names, dates of birth, and email addresses, our analysis shows it also contains location data (city and country), gender, and user ID for some users, as well as join date and source.

Below is a screenshot from the 5 million user sample released by the hacker.

deezer data breach 2022 sample
Source: RestorePrivacy.com

In a statement to RestorePrivacy, Deezer confirmed the security breach, but would not comment on the scope.

The incident occurred at one of our former service providers in 2019, and Deezer’s own systems and databases are secure. The data exposed includes only basic information, such as email addresses. No passwords or payment details of our customers have been affected.

We are taking this incident very seriously and are currently working with the French data protection authorities to confirm the source of the incident and take any action that may be necessary.

-Deezer’s statement to RestorePrivacy

In a follow-up statement to RestorePrivacy, Deezer has confirmed they are investigating the scope of the breach and how many users it affects.

Hackers can use this information to target Deezer users with hacking and fraud. The data could also be combined with other leaks and publicly-available information to create detailed user profiles, which can then be sold to others and/or used for fraudulent activity.

Users of Deezer are recommended to reset their passwords on the platform and do the same on any other online platform where they might be using the same credentials to reduce the risk of falling victim to credential stuffing.

Update December 8, 2022: The title of the article and subsequent paragraphs were updated to better reflect that this data breach happened via a third party service used by Deezer.

Related articles:

  • Yanluowang Ransomware Group Claims Cisco Systems as Latest Victim
  • Best Password Manager Apps in 2022: In-Depth Test Results
  • Verified Twitter Vulnerability Exposes Data from 5.4 Million Accounts

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Reader Interactions

Comments

  1. Melisa Kellingsworth

    January 25, 2023

    I’ve never had a Deezer account and lifelock just notified me Deezer sold my information to the dark web. This company needs to be held accountable and we need to file a lawsuit against them

    Reply
  2. William

    January 24, 2023

    I’ve never made an account on Deeze! There is definitely an error; my data was stolen on Twitter and not on Deezer… I think there is a lot of confusion in this news…

    Reply
  3. Bruh

    January 17, 2023

    I didn’t even remembered that i had an account on Deezer until i saw this thing about the data breach, and when i was going to delete the account, it didn’t even existed anymore, tf

    Reply
  4. Max

    January 3, 2023

    I had an account on deezer. How can I see the information of me that is exposed in the leak?

    Reply
    • Pierre

      January 4, 2023

      Have i been pwned

      Reply
  5. Ariel Bonfim

    January 3, 2023

    France only has 67.5 million people, how could 46.2 million French people have been affected by this leak?

    Reply
    • Pierre

      January 4, 2023

      Deezer IS in alliance with telecom masters in France yes most of the people have Deezer

      I have Tidal in France 😎

      Reply
  6. bruh

    January 2, 2023

    I made an account on deezer in like 2012 wtf is this

    Reply
  7. Ellain

    January 1, 2023

    The service is not even available here, I think several centuries ago I tried to sign up then, only then they showed that the service is not available here.
    The fact that I got an email for this from Have I Been Pwned makes me angry, they won’t even provide any and all services yet they still gobbled up all the info I fed and sat on it for centuries.

    Reply
  8. Dave

    January 1, 2023

    Says I’ve been pwned but I’ve never heard of this site nor do i have an account . . .

    Reply
    • Cass

      January 2, 2023

      same

      Reply
    • Reis

      January 6, 2023

      Same here… :-/

      Reply
  9. Super Mouse

    December 8, 2022

    Sven Sir please also create a section for secure digital note taking applications. Though many of use store information like random web pages from news websites and recipes etc which need not to be super secured, still I believe secure and private end to end encrypted note service might be important for some.

    I have been an Evernote premium subscriber since years which is very a nice and useful service but is not end to end encrypted. Few weeks back I subscribed to a service which claims to provide end to end encryption for Notes and attachments. It is called Notesnook (https://notesnook.com/).

    Reply
    • Sven Taylor

      December 8, 2022

      There are some solutions for this in our Google Alternatives guide. CryptPad might work for you.

      Reply
  10. Rank 1 Tank

    December 8, 2022

    One can avoid sensitive information leak as in this case by using a VPN all the time to avoid location sharing location data and also using shadow email aliases from services like Simple Login, Duckduckgo’s new service and Firefox Relay. Or if not using shadow email aliases then at least using a separate email address for subscribing to services and using different email address for banks etc and this is what I do as I don’t want to pay for a premium service using shadow or temporary email address but I do use email aliases for securing my other sensitive accounts.
    Other that location hiding via VPN and using a separate email alias dedicated to few selected category of services, the leak of other details can be made ineffective by not giving correct date of birth but an approximate one like 1st January 2010 and incorrect names.

    Reply
    • El D.

      January 3, 2023

      Obviously asking for location via a billing address or app permissions bypasses a VPN.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browsers
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

Restore Privacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

Restore Privacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP