Cyber Incident Victim: Deezer

The Deezer data breach originated in mid-2019 when a third-party partner of the France-based music streaming service suffered a security compromise. This incident exposed user information that was subsequently sold on a prominent cybercrime forum. The breach remained undisclosed publicly until November 2022, when Deezer confirmed the event while clarifying they had ceased working with the affected third party by 2020. Forensic analysis by Have I Been Pwned later revealed the full scope, estimating 229,037,936 user accounts were impacted globally. Compromised data fields included names, email addresses, genders, dates of birth, geographic locations, IP addresses, usernames, and spoken language preferences. RestorePrivacy documented hacker forum activity showing a 60GB dataset containing 257 million records being marketed, with claims it included non-anonymized emails and user session logs.

Deezer emphasized no passwords, financial information, or payment details were accessed during the breach. The affected user base spanned multiple countries including France, Brazil, the United Kingdom, Germany, Mexico, Colombia, Turkey, the United States, Italy, and Guatemala. As of September 2022, Deezer maintained 9.4 million active subscribers despite the historical breach. The company asserted its internal security systems remained uncompromised and effective throughout the incident timeline. Proactive measures were implemented to safeguard exposed data, though no instances of credential misuse or identity theft were formally reported following the breach disclosure. This incident paralleled security challenges faced by industry competitors, including Spotify’s 2020 breach affecting 300,000 accounts.