A Deezer leak indexed by leaksear.ch contains 244,648,718 records tied to the music-streaming service, with email, name, username, country, and date of birth available as search pivots (leaksear.ch metadata). The indexed breach date is April 22, 2019 (leaksear.ch metadata), a date also shown by Mozilla Monitor, while Have I Been Pwned lists 229 million affected Deezer accounts for an April 2019 breach (monitor.mozilla.org, haveibeenpwned.com).
What happened
Public sources point to a third-party service provider, not a newly reported compromise of Deezer's own systems. Have I Been Pwned describes the data as a mid-2019 backup exposed by a third-party partner, then sold and redistributed on a hacking forum; Deezer's support article says it was made aware in November 2022 of a leak in systems of a former provider it used until 2020 (haveibeenpwned.com, support.deezer.com).
Deezer says the provider retained data after the contract ended and after confirming destruction in 2020, and says Deezer's systems and databases were not affected (support.deezer.com). CyberInsider's December 2022 report said a forum user published a sample on November 6, 2022 and claimed data for more than 240 million users, but that claim should be treated as a threat-actor claim unless independently corroborated (cyberinsider.com).
What data was exposed
The leaksear.ch index exposes searchable fields for country, date of birth, email, name, and username (leaksear.ch metadata). The stored record schema also contains non-searchable context including city, gender, language, user ID, registration date, platform, product, offer and partner IDs, newsletter and in-app, push, mail, and SMS opt-in fields, and usage counters related to playlists, lyrics clicks, streams, artist and genre mixes, and Sonos streams (leaksear.ch metadata).
Public breach notices also identify overlapping and additional data types. Have I Been Pwned lists dates of birth, email addresses, genders, geographic locations, IP addresses, names, spoken languages, and usernames; Deezer's support page says exposed information included first and last names, date of birth, and email address, with no passwords or payment details discovered; Mozilla Monitor lists IP addresses, emails, dates of birth, genders, geographic locations, names, spoken languages, and usernames (haveibeenpwned.com, support.deezer.com, monitor.mozilla.org).
Why this matters
Names, emails, usernames, dates of birth, location fields, language, and subscription or communication-preference context can help attackers craft believable lures, especially subscription-renewal or payment-update phishing. Deezer's own guidance warns that compromised data can be used for phishing and urges users to be vigilant (support.deezer.com). Because passwords and payment details are not reported as exposed by Deezer, the immediate risk is less about direct payment-card compromise and more about phishing, account recovery abuse, and enrichment of other breach data. If you had a Deezer account, check whether your email, name, username, country, or date of birth appears in this leak (leaksear.ch metadata).
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include country, date of birth, email, name, and username.