For popular French music streaming service Deezer, 2023 started off with bad news for users.
There have been reports of a data breach that has reached 229 million accounts on the music streaming platform, affecting not only Europeans and Americans, but also people from other countries. Information including date of birth, email address, and IP address is derived from a backup file published in 2019.
According to the notice, the streaming platform was the victim of a data breach on April 22, 2019, but the case was not resolved until late 2022.
“The hack traces back to a mid-2019 backup provided by a third-party partner, which was later sold and widely shared on a popular hacking forum,” reads the official description of the leak.
In total, the personal data leak covered 229 037,936 accounts of representatives of different nationalities. The list of compromised information includes personal data of various nature. This applies to dates of birth, names and usernames of Deezer. Email addresses, IP addresses, languages of communication and geographic location (city and country) were also disclosed.
More detailed information was reported by the RestorePrivacy agency in December 2022. According to a specialized website, information that weighs 60 GB has been available on the forum since November 2022.
Faced with the situation, Deezer released a statement on its support page: “We were informed that one of our partners suffered a data breach in 2019 and a snapshot of our users’ non-sensitive information was exposed,” they announced. Also according to the statement, the provider is no longer working with the streaming platform as of 2020.
According to a security researcher, this is the largest leak reported by the platform since Facebook’s phone numbers were deleted in April 2021.
The penalties provided for by the LGPD only came into effect in 2021. Therefore, since the incident occurred in 2019, Deezer will not be subject to data protection sanctions.
However, this does not mean that the company is immune from possible penalties. If any user has suffered damage due to a leak, they can claim compensation. However, the damage, even moral, must be realistically proven.
Deezer officially confirmed the leak, but stressed that sensitive data was not disclosed. Check out the position in full: “The leak happened when a partner that we haven’t worked with since 2020 had a data breach. However, no sensitive information such as passwords and CPFs were exposed. Our database remains safe. But we always encourage users to update their passwords regularly to keep their data even more secure,”- they explained.
