France-based music-streaming platform Deezer has admitted being hit with a data breach that potentially compromised the information of over 220 million users.
The extent of the incident was revealed this by Have I Been Pwned, an online tool for checking whether personal data has been leaked in security breaches, in emails to users seen by MBW.
It estimates that 229,037,936 people’s data was compromised in an incident dating back nearly three years.
The leaked information included users’ dates of birth, email addresses, genders, geographic locations, IP addresses, names, spoken languages and/or usernames.
The hacking dates back to mid-2019 when a Deezer third-party partner fell victim to a breach. The incident exposed user data, which was then sold on a popular hacking forum.
“The data in question had been handled by a 3rd party partner that we haven’t worked with since 2020, and it was this partner that experienced the breach. Deezer’s security systems remain effective, and our own databases are secure,” Deezer said in November 2022 shortly after the information came to light.
Deezer confirmed that the exposed data included basic information such as first and last names, date of birth and email addresses. The company noted that no information regarding passwords or payment details has been discovered.