How to protect yourself after a Deezer data breach

Personal information of more than 200 million Deezer users was stolen by hackers and recently leaked on the open internet.

But what exactly happened and are you in danger? If yes, how to protect your data after this vulnerability?

What happened in the Deezer data breach?

On November 6, 2022, Sin, a user of a popular Breach forum, posted a CSV file containing the personal information of 228 million users of the music streaming service Deezer. Data was not anonymized and included first and last names, dates of birth, email addresses, gender, location data, date joined, user ID, session IP addresses, and language.

According to Sin, the original source was a data analysis company hired by Deezer, and the original breach happened in 2019. While the data was initially offered for sale, another user has since made it available for free.

In a blog post on Deezer support pagethe company confirmed that “a snapshot of our users’ non-confidential information was disclosed,” but assured users that “we are actively working to take appropriate measures to protect the breached data.”

How Deezer intends to protect customer data, which has been in the hands of hackers for three years and is easily downloadable for anyone, is unclear.

While Deezer admitted, “The data disclosed includes basic information such as first and last name, date of birth and your email address,” the company omitted any mention of more specific identifying data seen by MUO.

The Deezer break is big. If each of these accounts belongs to one person, that’s 2.5% of the world’s population. Who knew Deezer would be so popular?

How can criminals exploit exposed Deezer data?

Any information disclosed in the Deezer data breach could be used to target you, although Deezer says it is “not aware of any actual misuse of the data” at this time. Now the data can be downloaded publicly and criminals can exploit it in various ways.

These include identity theft and using your name, place of residence and date of birth to make loans, credit or purchases on your behalf.

Your email address makes you more vulnerable to phishing scams, and since you are (or were) a Deezer user, attackers can impersonate Deezer employees or customer service to trick you into clicking a shady link . In addition, attackers can also use your email address and pose as representatives of other services.

How to protect yourself after the Deezer data breach

One of the biggest threats is criminals using your information to borrow under your identity. You should freeze your credit and contact a credit monitoring service.

If you use the email address associated with your Deezer account to access other services, you should change it now. So if you receive an email from Amazon, PayPal or your bank to this email address, you know it’s a scam. In the future, use email aliasing to create a different address for each service you use, as this is one of the many ways to hide your email address.

In addition, you should falsify any data you provide to third parties to prevent identity thieves from successfully using it. Deezer doesn’t need to know your date of birth, and very few services have a legitimate use for it. Likewise, your real name and gender is no one’s business but yours. Just remember to keep a record of what data you give to which service.

While Deezer insists that “no information regarding passwords or payment details has been discovered,” it recommends changing your password “as a precautionary measure.”

Deezer isn’t the only music streaming service

After Deezer’s belated and limited disclosure, you may have concerns about using the service. If so, there are plenty of other music streaming platforms, each with their own pros and cons.

If you have some spare computer hardware and don’t feel like giving your data and money to another service, you can use Jellyfin to run your own. It even works well on a humble Raspberry Pi.

This article was previously published on Source link