Decathlon Data Breach Exposed Personal Information of Over 123 Million People: Report

The unsecured database of Decathlon is said to be of 9GB of size.

Decathlon Data Breach Exposed Personal Information of Over 123 Million People: Report

Decathlon has its presence in 69 countries, with over 1,600 stores worldwide

  • Decathlon’s Spanish division mainly got impacted by the data breach
  • Some data of the company’s UK business was also available in the database
  • Decathlon close down public access to the affected database

Decathlon Group, a popular sporting retail chain, is found to have suffered from a data breach that exposed its massive user data through a misconfigured database. The issue put the record of over 123 million users and employees at stake, as per a report. It is believed that the affected database mainly contained private information of the Spanish division of Decathlon. However, it is also likely to include some data of the company's UK business. At this time, there is no confirmation on whether customers in India were also affected. The company closed down public access to the unsecured database upon being notified about the breach.

The database in question was of 9GB in size and on an unsecured ElasticSearch server. It was discovered by a team at security-focussed firm vpnMentor.

The leaked data reportedly included employee usernames, unencrypted passwords, personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, addresses, and birth dates. Further, the researchers noted that the database also had customer email and login information in an unencrypted form.

“It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” vpnMentor wrote in a blog post.

The data breach was noticed on February 12, and the company was notified on February 16. The database was pulled on February 17, the research team said in the post.

It is unclear whether the impact of the data breach has any affect on the database of Decathlon in other regions, except Spain and the UK. Gadgets 360 has reached out to the company to get more details.
The vpnMentor team believe that the data breach could be used for corporate espionage and phishing attacks. Furthermore, affected users are likely to receive a correspondence from the company detailing the impact of the breach.

Headquartered in France, Decathlon has its presence in 69 countries, with over 1,600 stores worldwide. The company is popular for using inventory robots and in-store mobile checkout systems to attract young customers.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at Please send in your leads and tips. More
Oppo Reno 3 Pro Pre-Bookings Open Today on Amazon, Flipkart, Offline Stores: All You Need to Know
Share on Facebook Tweet Snapchat Share Reddit Comment




© Copyright Red Pixels Ventures Limited 2022. All rights reserved.
Listen to the latest songs, only on