What happened
According to public breach records, the Deezer data breach on April 22, 2019 is reported to have exposed the personal information of 229,037,936 accounts.
In late 2022, the music streaming service Deezer disclosed a data breach that impacted over 240M customers. The breach dated back to a mid-2019 backup exposed by a 3rd party partner which was subsequently sold and then broadly redistributed on a popular hacking forum. Impacted data included 229M unique email addresses, IP addresses, names, usernames, genders, DoBs and the geographic location of the customer.
In late 2022 a data set of roughly 229 million Deezer accounts, dated to mid-2019, began circulating for sale on cybercrime forums and was widely distributed in January 2023 when Have I Been Pwned added it and notified affected users. Deezer attributed the exposure not to its own systems but to a third-party data-analysis partner it had stopped working with by 2020, which had retained and then leaked a backup of user data. The exposed records included names, usernames, email addresses, dates of birth, genders, IP addresses, spoken languages and geographic (city/country) location; Deezer stated that no passwords or payment information were compromised, and reported the incident to French data-protection regulator CNIL.
What data was exposed
The following types of personal data were compromised:
- Dates of birth
- Email addresses
- Genders
- Geographic locations
- IP addresses
- Names
- Spoken languages
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Deezer |
| Date | April 22, 2019 |
| Accounts affected | 229,037,936 |
| Domain | deezer.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Deezer; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Treat your email address and name as compromised: watch for targeted phishing or spam referencing Deezer or your profile, and never click password-reset or account-verification links you did not request.
- Although Deezer says passwords were not exposed, change your Deezer password as a precaution and enable two-factor authentication there and on any other site where you reused that email/password combination.
- Because date of birth, gender and city/country location leaked, be wary of identity-verification calls or messages that cite these details to build trust before a scam.
- Monitor whether your email surfaces in further breach aggregations and consider using a unique alias email for low-trust signups going forward.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: Deezer Data Breach
- Deezer admits data breach that potentially exposed over 220 million users' info - Music Business Worldwide
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →