Personal details of more than 200 million Deezer users were stolen by hackers and have recently been released on the open internet.

But what exactly happened, and are you in any danger? If so, how can you protect your data after this security breach?

What Happened in the Deezer Data Breach?

On November 6th, 2022, Sin, a user of a popular breach forum, posted a CSV file containing the personal details of 228 million users of the music streaming service Deezer. The data was not anonymized and included first and last names, dates of birth, email addresses, gender, location data, join date, user ID, session IP addresses, and language.

According to Sin, the original source was a data analysis company hired by Deezer, and the original breach occurred in 2019. While the data was originally offered for sale, it has since been made available for free by another user.

In a blog post on Deezer's Support page, the company acknowledged that "a snapshot of our users' non-sensitive information was exposed" but reassured users that "we are actively working to take appropriate action to safeguard the breached data."

How Deezer intends to safeguard customer data which has been in the hands of hackers for three years and is easily available for anyone to download is unclear.

While Deezer admitted, "The exposed data includes basic information such as first and last names, date of birth, and your email address," the company omitted any mention of more specific identifying data seen by MUO.

The Deezer breach is big. If each of those accounts belongs to one person, then that's 2.5% of the world's population. Who knew Deezer was so popular?

How Can Criminals Exploit Exposed Deezer Data?

Every piece of information exposed in the Deezer data breach can be used to attack you, although Deezer states that it is currently "unaware of any actual misuse of the data." Now, the data is publicly available to download, and criminals can exploit it in a number of ways.

These include identity theft: using your name, location, and date of birth to take out loans and credit or make purchases in your name.

Your email address makes you more vulnerable to phishing scams, and as you are (or were) a Deezer user, attackers may pose as Deezer staff or customer services to make you click on a dodgy link. Attackers may also use your email address to pose as representatives of other services.

How to Protect Yourself After the Deezer Data Breach

One of the biggest threats is that criminals will use your details to take out credit in your name. You should freeze your credit and engage with a credit monitoring service.

If you use the email address associated with your Deezer account to access any other services, you should change the address on those services now. That way, if you receive an email from Amazon, PayPal, or your bank at the old address, you'll know it's fraudulent. Moving forward, use email aliasing to create a different address for every service you use, as it's one of the many ways to keep your email address hidden.

Additionally, you should falsify any details you hand over to third parties to prevent them from being successfully used by identity thieves. Deezer doesn't need to know your date of birth, and very few services have a legitimate use for it. Likewise, your real name and gender are nobody's business but yours. Just remember to keep a record of which details you give to which service.

While Deezer insists that "no information regarding passwords or payment details has been discovered," it recommends changing your password "as a precautionary measure."

Deezer Isn't the Only Music Streaming Service

After Deezer's belated and limited revelation, you may have second thoughts about using the service. If so, there are plenty of other music streaming platforms out there, each with its own benefits and disadvantages.

If you have some spare computer hardware lying around and don't fancy handing over your details and cash to yet another service, you can run your own using Jellyfin. It will even work well on a humble Raspberry Pi.