Cyber Incident Victim: Deezer
Date:
Oct 2023
Location:
France
Summary
The music streaming service Deezer experienced a distributed denial-of-service (DDoS) attack, causing significant service disruptions and preventing numerous users from accessing their accounts. The attack overwhelmed the platform's servers, leading to widespread login issues and operational degradation, with nearly 930 outage reports recorded at peak impact. The company confirmed the incident publicly, stating its teams were actively working to mitigate the attack and restore normal operations, which resulted in a notable decline in reported disruptions later the same day. Users were advised to monitor official channels for updates while the service worked to resolve the remaining technical challenges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 22, 2023, Deezer users encountered widespread login difficulties and service disruptions starting in the morning. The French music streaming platform confirmed via its official X (formerly Twitter) account that it was experiencing a distributed denial-of-service (DDoS) attack, which overwhelmed its systems with excessive traffic. Downdetector, an outage monitoring service, recorded approximately 930 user reports of platform inaccessibility shortly after 11:00 AM local time. The attack aligned with common DDoS patterns described by cybermalveillance.gouv.fr, France’s governmental cybersecurity portal, which characterizes such incidents as relatively simple to execute through either server saturation via coordinated requests or exploitation of security vulnerabilities to degrade service performance. Deezer’s operational team immediately engaged in mitigation efforts while maintaining public communication through social media channels.
By early afternoon, Downdetector data indicated a substantial decline in outage reports, suggesting partial restoration of services. Deezer’s communications emphasized active technical response measures but did not disclose specific mitigation strategies or infrastructure adjustments. The company formally apologized for the inconvenience through its @DeezerFR account, acknowledging the disruption’s impact on user access to musical content while directing affected customers to the @DeezerHelp support channel for real-time updates. No data breach or compromise of user information was referenced in either the company’s statements or external reporting. Service reliability appeared to improve progressively throughout the day following the initial attack window, though neither Deezer nor third-party sources provided explicit confirmation of full resolution timelines or final technical root causes beyond the confirmed DDoS classification.