In November 2022, we were made aware that a data leak occurred in the systems of a former service provider that Deezer used until 2020. As a result, a snapshot of our users' non-sensitive information was exposed. The exposed data includes basic information such as first and last names, date of birth, and your email address. To be clear, no information regarding passwords or payment details has been discovered.
The provider in question breached several of its contractual obligations, notably by retaining the data after the termination of the contract with Deezer (which is why the data set is dated 2019), despite the precautions taken by the latter to ensure that the data was destroyed. The failure of this provider to delete Deezer's data (despite providing confirmation of destruction in 2020) led to the hacking in 2022.
Deezer's systems and databases have not been affected and remain secure. Deezer has not violated any data protection regulations and is also a victim of its former service provider's gross negligence, as well as the maliciousness of hackers. Deezer is committed to protecting the privacy of its users and providing the highest level of security to protect the personal data we collect and process to provide our services. Deezer has always taken state-of-the-art security measures to protect its users' personal data. Deezer has always endeavored to use the most advanced security measures, just as it requires its suppliers to comply with the strictest security standards. We have even more strengthened existing security measures and continue to closely monitoring the situation to detect potential fraud and inform our users if necessary. All our customer service agents are aware of the incident, so they can assist you in case of difficulty.
However, we encourage you to change your password and to be vigilant, as the compromised data can be used for phishing purposes.
A phishing attack involves impersonating a business or organization to convince a potential victim to click on a link in an email or text message. Most often, the victim is asked to update their credit card details to continue using an online subscription.
How to recognize a phishing attempt
- Check the sender's email address. Cybercriminals grossly impersonate companies and organizations. For example: noreply@deeezer.com
- Look out for typos. Phishing messages often contain spelling or syntax errors
- Be wary if you're asked to provide your data. Neither Deezer, nor any other serious business or organization, will contact you by email to ask you for your password or credit card details
What to do if you receive a phishing email
- Don't click on any of the links included in the email
- Don't reply to the email or share your personal information in any manner
- Don't open any file attachments included in the email
- Report the email as spam in your email software
What to do if you have shared your personal information with a scammer
If you have shared your password:
- Immediately reset the password of your Deezer account in your settings (Go to Settings, select Account management, select Change password)
- Change the passwords for your other subscriptions and accounts if they are the same or like the one you use for Deezer
If you have shared your credit card details:
- Contact your bank immediately to terminate your credit card
- File a complaint with the police