The data of nearly 250 million user accounts of the French music streaming platform Deezer has emerged in recent weeks on personal data trafficking forums, several sites specializing in data leakage have reported.
• Read also: Our artists are little listened to on the web
Deezer said on Tuesday that it had been informed that data stolen "from one of (its) former service providers" in 2019 had been exposed on the internet.
“The exposed data includes basic information, such as first and last name, date of birth, email address,” Deezer said, but does not contain “any password or payment data”.
Deezer declined to confirm the number of user accounts affected.
But, according to stolen data tracker Damien Bancal, author of the specialized blog Zataz.com, the data of 257 million users has been put online, representing more than 260 GB (gigabytes) of information.
The American site restoreprivacy.org, which had mentioned the case in November, indicated for its part that it had identified “more than 240 million” accounts concerned.
Deezer warned the CNIL, the French guardian of digital privacy, in November and has been working with it “since in close collaboration”.
In agreement with the CNIL, “we are in the process of contacting the users concerned by email in order to make them aware of the risks of phishing (phishing) and to encourage them to be vigilant,” explained Deezer. "We recommend that our users, as a precaution, change their passwords," the company said.
The base of these stolen data “had already been on sale for a long time in private spaces” of hackers, explained Damien Bancal. “On December 23”, more than three years after the initial theft according to Deezer, “the file was made freely accessible” on a freely accessible site, well known to pirates and hackers, he added.
According to restoreprivacy.org, the database notably contains the data of 46.2 million users in France, 37.1 million in Brazil and 15.3 million in Germany.