Deezer 2019 Data Breach

Deezer Music Streaming Service Breach (2019, Disclosed 2022): 244 Million User Records Including DOB & Location Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MisconfigurationStreamingMusicDate of BirthEmail AddressFull NameGenderGeographic LocationIP AddressSpoken Language
Low SeverityWebsite / service breach

Deezer Music Streaming Service Breach (2019, Disclosed 2022): 244 Million User Records Including DOB & Location Exposed

Music streaming service.

Verified by ObscureIQ Intelligence
34/100Breach Risk Index
10Data Value
25Market Recency
512dSince Breach

Breach Intelligence Summary

Entity: Deezer · Actor: Unknown · Sources: 4 references
Attack: Misconfiguration
Profile: Platform · Music streaming services · Subscription-based streaming platform · Global
Timeline: Breach (2019-04-22) · Indexed (Dec 01, 2024) · Year (2019)
Exposure: 244.8M records · 8 fields: Date of Birth, Email Address, Full Name, Gender, Geographic Location, IP Address, Spoken Language, Username
Status: Confirmed

Executive Summary

Deezer, a French music streaming service, suffered a data breach originating from a 2019 incident involving a third-party data partner that retained user data after its contract with Deezer ended in 2020. The breach went undetected for roughly three years before the stolen data appeared for sale on a cybercrime forum in 2022, prompting Deezer to disclose the incident. Approximately 244.8 million user records were compromised in total, making it one of the largest breaches in the music streaming sector. The exposed data included full names, email addresses, dates of birth, genders, city and country of residence, IP addresses, usernames, and spoken languages. Deezer confirmed that no passwords or payment details were included. Even so, the combination of personal identifiers and behavioral data is enough to support convincing phishing attacks and targeted scams against affected users. Deezer reported the breach to France's data protection authority, CNIL, and published information about the incident on its support site. Some users criticized the company for not directly notifying individuals affected. The three-year gap between the original incident and its discovery raised questions about vendor oversight practices. Affected users should remain alert to phishing attempts that reference their personal details and consider whether their email address has been used across other accounts.

ObscureIQ assessment: Credential exposure enables account takeover and password reuse attacks. Behavioral data can support profiling and targeted phishing.

Breach Impact

In November 2022 Deezer disclosed that a 2019 breach at a third-party data partner had exposed user data. The incident had gone undetected for three years before surfacing. The exposed dataset contained approximately 229 million records including email addresses, names, dates of birth, genders, geographic locations, IP addresses, spoken languages, and usernames. Deezer notified affected users and reported the incident to French data protection authority CNIL. No major settlement or significant regulatory enforcement action specific to this breach has been prominently documented, though the three-year detection gap drew attention to vendor oversight practices.

About Deezer

Deezer is a French music streaming service offering on-demand audio, podcasts, and radio through subscription and free ad-supported tiers. Founded in 2007 and headquartered in Paris, the company operates in more than 180 countries and has been listed on Euronext Paris since 2022. It competes with Spotify, Apple Music, and Amazon Music, with particular strength in French-speaking markets and parts of Africa and Latin America.

Why They Hold Your Data

Streaming platforms store user accounts, emails, passwords, subscription details, and behavioral data such as listening history and preferences.

Recent Developments

Deezer went public on Euronext Paris via a SPAC merger in July 2022, though the listing was followed by a challenging period of revenue pressure and share price decline. The company has pursued partnerships with telecommunications carriers and content bundling arrangements to grow its subscriber base. It has maintained a focus on markets where Spotify's presence is less dominant.

Data Points Exposed

8 verified field types
Date of Birth High
Email Address
Full Name High
Gender
Geographic Location
IP Address
Spoken Language
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity verification bypass using name + date of birth combination
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Identity verification bypass
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Profile enrichment
  • Pattern-of-life analysis & physical surveillance
  • Geolocation & account flagging
  • Targeted phishing localization
  • Cross-platform tracking & credential stuffing

Recommended Actions

If you believe your information may be included:

Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Deezer breach?

Deezer, a French music streaming service, suffered a data breach originating from a 2019 incident involving a third-party data partner that retained user data after its contract with Deezer ended in 2020. The breach went undetected for roughly three years before the stolen data appeared for sale on…

What data was exposed?

Verified fields include Date of Birth, Email Address, Full Name, Gender, Geographic Location, IP Address, Spoken Language, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
9ghz
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation