Get compensation for Deezer data leak! 

Intro

For many, music is a safe escape from the stresses of everyday life. However, for those who use Deezer, this is not the case anymore. The streaming giant announced in 2023 that some of our worst fears had just come to fruition.  

Through a cyberattack on a third-party service that works in conjunction with Deezer, the personal information of 228 million members was stolen and sold. This most recent breach has left millions vulnerable to various malicious practices and signals the need for a solution. If you used Deezer up until 2019, it is very possible that you could be one of these 228 million compromised users. 

From your name to date of birth to your location data, the amount of user data that Deezer collects is absurd. The hacker stole all of this information and put it out on the dark web to be sold to the highest bidder essentially commodifying your life story. On a 60 GB file that is somewhere on an online breaching forum right now could be your name, birth date, gender, email and IP address, registration date, user ID, device information, and location data. Utilizing the information gathered from this attack along with public information, harmful entities can put together phishing attacks or detailed user profiles for potential fraudulent activity. This data breach raises serious privacy concerns that Deezer needs to be held accountable for.  

Our personal information is not something to be taken lightly. Fortunately, individuals are taking action in the form of class action suits to not only protect themselves through settlements but to also send a message to Deezer that this is a serious matter.  

Key takeaways 

• The most recent Deezer data breach puts 228 million users at risk of phishing attacks and fraudulent activity. 

• Key oversights on the part of Deezer have led to your information being put out on the web for malicious entities to purchase. 

• Individuals are making a stand through class action lawsuits to remind big tech companies that their privacy matters. 

Deezer Data Breaches Explained

What Happened?

Deezer, a popular music-streaming service in Europe, utilized a third-party partner to analyze trends within user data. Come 2020, Deezer cuts ties with this third-party service and ends their partnership. However, in 2019, just before the end of the partnership, the third-party service was hacked in which one individual stole the personal records of 228 million people.  

Deezer, on the other hand, did not become aware of this breach until 2022 when the culprit posted on a breaching forum that he was selling a 60GB file containing the emails, IP addresses, names, location data, and more of the 228 million people whose data was stolen. From this moment forward, the personal information of 228 million could now be bought online because the proper precautionary measures weren’t taken.  

To make matters worse, there are still many claiming they were never notified by Deezer that they had been hacked. Instead, third-party services gave them the notification letting them in on the fact that their data was now out on the dark web for the highest bidder to obtain. 

Timeline

• 2024: Many individuals are putting together class actions. Within the US and Europe, many individuals are putting together class actions against Deezer for failing to protect their information and failing to notify them that they had been breached.  

• 2023 (January): Deezer first becomes notified of the hack and makes a statement. After the post, that was the first time Deezer was notified that the third-party service had been breached back in 2019. Deezer releases a statement about the breach but fails to notify all of its customers. 

• 2022 (November): Hacker posts the file on a forum. On November 6, 2022, the original culprit makes a post on a dark web breaching forum where he states that he is selling a 60GB file with the personal information of 228 million people that he stole from Deezer. In this same post, he releases a sample of 5 million people.  

• 2020: Deezer cuts ties with the third-party service. The two companies no longer function as partners. Legally, the third-party service is now required to delete all of the user data it obtained from Deezer. According to Deezer, it failed to accomplish this task. 

• 2019 (April): The Third-Party Service is first hacked. This was the initial breach in which the hacker obtained the records of 228 million people in one go. The culprit managed to obtain a snapshot of all of the information at the time.  

Will there be a compensation?

It’s common for large-scale data breaches to result in compensation for affected individuals. The exact Deezer settlement amount may vary based on factors like the user’s location and the extent of data breached. 

Legal Proceedings

Legally, Deezer has still yet to face any consequences. There are many ongoing cases in which consumers are fighting back to gain some compensation for the lack of protection and lack of notification by Deezer. Many are invoking GDPR(General Data Protection Regulation) Article 82 which states, “Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.” 

In the meantime, Deezer is publicly claiming that they took the proper measures to ensure this wouldn’t happen. They claim that they complied with all guidelines and regulations. However, the high number of people claiming they never got a notification and the breach itself occurring in 2019 raises some doubts about this assertion they are proclaiming. 

How to Claim Deezer Compensation

If you want to get compensation for the data breach, you need to join a group lawsuit, also known as a class action. When you do this, you’ll work with a financial litigation partner who handles everything for you. That is us! Your task is just to apply and then wait to get money. 

Remunzo handles all the hard work. We set up the lawsuit and take the corporation to court for you. Corporations don’t want to pay money easily, but Remunzo will fight hard to get your settlement payout. When joining thousands of others in a lawsuit like this, the corporation is more likely to pay and the settlement payment amount per person i.e. how much will you get tends to be higher.

Remunzo will keep you updated about the settlement status. But you need to be patient because it can take months till the settlement payments are done and you get paid. 

Quickly check your eligibility and compensation amount with our simple data leak checker. In under 2 minutes, you’ll know how much money you can get and will be able to claim compensation. Give it a try!

Impact of Deezer Data Breach on Users

For the general public, the potential long-lasting impact of this data breach could be disastrous. Considering that for each of the 228 million people, their emails, IP addresses, birth dates, location data, registration date, spoken languages, usernames, and gender are all being sold somewhere online, the digital possibilities are truly frightening. Not only does it open up each of these consumers to many phishing attacks, but by using other readily available sources on the internet, malicious entities could be able to create full profiles of each person to exploit for fraudulent purposes. 

In an increasingly digital world, cybersecurity breaches like these are nothing to be taken lightly. While they may have not obtained the passwords for these members, it is just as terrifying to imagine someone out there who could have purchased a snapshot of your life story in one go on the internet.  

Deezer Response and Changes in Data Security

Upon notification of the breach, Deezer made a statement declaring that they were going to look into it. Just recently, they have updated their statement to deny any liability within this incident. Deezer claims that because they had cut ties with the original third-party service and taken the proper precautions upon cutting ties, the liability does not fall upon them. Deezer is making the claim that the third-party service breached their contract by failing to delete the data after the termination of their partnership in 2020 causing this data breach despite the data breach occurring in 2019.  

For similar reasons, Deezer has also not updated their own databases and maintain that their servers have state-of-the-art security parameters in place to protect the data. They exclaim, “Deezer’s systems and databases have not been affected and remain secure.” The only further steps Deezer has taken have been to cut ties with that service and advise their users to avoid phishing attempts while enabling 2-factor authentication as well as changing their passwords. Deezer has notified a few users but there are multiple complaints about a lack of notification after the breach from many others.  

Future Implications and Industry Impact

As our lives become more and more digital, this incident raises so many more concerns about the way our data is handled by even the most basic of apps. For so much of our information to be leaked through a data breach on a music app raises concerns about what other apps could gather as well. Thus, it becomes even more vital to show the big technology companies that our data needs to be handled with the utmost care because it is such private information. 

Other Famous Incidences of Privacy Breaches

Deezer is not the only one who got its data stolen. Hundreds of other companies have faced or will face data breaches. Therefore, we strongly suggest using our Compensation Calculator. This tool will help you find out how many claims you are eligible for compensation and how much money you might get. And we can help you to easily get it. 

Conclusion

The Deezer data breach raises important questions about the way our data is handled by a majority of the apps on our phones as well as on the internet. Deezer collected an extensive amount of information for each user that is now easily being sold on some forums on the dark web. For so much of our data to be leaked in one go is rather alarming and even more concerning when you consider it could be in the hands of anyone with a laptop and some cash. Class actions against companies like Deezer for the mishandling of our data and lack of notification are important to send a message. Occurrences like these are good reminders of how vulnerable our information is on the internet and thus, how even more crucial it is for companies to manage it properly and securely.

Frequently Asked Questions

Sources

1. https://www.twingate.com/blog/tips/deezer-data-breach 
2. https://purplesec.us/security-insights/deezer-data-leak-228-million-users/ 
3. https://www.musicbusinessworldwide.com/deezer-admits-data-breach-that-potentially-exposed-over-220-million-users-info/ 
4. https://restoreprivacy.com/music-service-deezer-data-breach/ 
5. https://grahamcluley.com/data-of-over-200-million-deezer-users-stolen-leaks-on-hacking-forum/ 
6. https://gdpr-info.eu/art-82-gdpr/#:~:text=Any%20person%20who%20has%20suffered,processor%20for%20the%20damage%20suffered. 
7. https://support.deezer.com/hc/en-gb/articles/7726141292317-Third-Party-Data-Breach