Deezer, a French music streaming service, suffered a data breach originating from a 2019 incident involving a third-party data partner that retained user data after its contract with Deezer ended in 2020. The breach went undetected for roughly three years before the stolen data appeared for sale on a cybercrime forum in 2022, prompting Deezer to disclose the incident. Approximately 244.8 million user records were compromised in total, making it one of the largest breaches in the music streaming sector. The exposed data included full names, email addresses, dates of birth, genders, city and country of residence, IP addresses, usernames, and spoken languages. Deezer confirmed that no passwords or payment details were included. Even so, the combination of personal identifiers and behavioral data is enough to support convincing phishing attacks and targeted scams against affected users. Deezer reported the breach to France's data protection authority, CNIL, and published information about the incident on its support site. Some users criticized the company for not directly notifying individuals affected. The three-year gap between the original incident and its discovery raised questions about vendor oversight practices. Affected users should remain alert to phishing attempts that reference their personal details and consider whether their email address has been used across other accounts.

Streaming platforms store user accounts, emails, passwords, subscription details, and behavioral data such as listening history and preferences.

Deezer went public on Euronext Paris via a SPAC merger in July 2022, though the listing was followed by a challenging period of revenue pressure and share price decline. The company has pursued partnerships with telecommunications carriers and content bundling arrangements to grow its subscriber base. It has maintained a focus on markets where Spotify's presence is less dominant.