Cyber Incident Victim: Deezer

On June 6-7, 2014, Paris-based music streaming service Deezer experienced two distributed denial-of-service (DDoS) attacks that disrupted its operations. The first, smaller attack occurred on Friday morning but did not significantly affect service availability. A more substantial follow-up attack commenced on Saturday, June 7, at 4:00 PM GMT, utilizing a botnet—a network of compromised computers controlled by attackers—to flood Deezer's servers with traffic. This second attack overwhelmed the company's infrastructure, resulting in several hours of service downtime that prevented users from accessing the platform. Deezer detected both incidents through its monitoring systems, characterizing the Saturday incident as a "large scale attack" that directly impacted user accessibility. The company confirmed the attacks exclusively targeted service availability through traffic saturation rather than attempting to breach user data repositories or extract sensitive information.

Deezer responded by notifying affected users via email, explicitly stating that no personal information had been compromised during the incidents. The company emphasized that user data "has been, and will remain, completely secure," attributing the outage solely to the botnet's traffic volume overwhelming their systems. While the attack caused temporary service disruption, Deezer clarified that the attackers never gained unauthorized access to accounts, payment details, or other sensitive user information. The incident highlighted the operational vulnerability of streaming platforms to DDoS attacks—a method frequently employed by hacktivist groups due to its relatively low cost, technical accessibility, and minimal legal risk for perpetrators. No specific group claimed responsibility, and the company's communications focused on reassuring users about data security rather than detailing technical mitigation measures beyond acknowledging the attack's neutralization.