Decathlon Group, a popular sporting retail chain, was found to have suffered a data breach that exposed a massive amount of user data through a misconfigured database. The issue put the records of over 123 million users and employees at stake, as per a report. It is believed that the affected database mainly contained private information from the Spanish division of Decathlon. However, it is also likely to include some data from the company's UK business. At this time, there is no confirmation on whether customers in India were also affected. The company closed down public access to the unsecured database upon being notified about the breach.
The database in question was 9GB in size and sat on an unsecured Elasticsearch server. It was discovered by a team at security-focussed firm vpnMentor.
The leaked data reportedly included employee usernames, unencrypted passwords, and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, and birth dates. Further, the researchers noted that the database also had customer email and login information in an unencrypted form.
“It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” vpnMentor wrote in a blog post.
The data breach was noticed on February 12, and the company was notified on February 16. The database was pulled on February 17, the research team said in the post.
It is unclear whether the data breach has any effect on Decathlon's databases in regions other than Spain and the UK. Gadgets 360 has reached out to the company to get more details.
The vpnMentor team believes that the data breach could be used for corporate espionage and phishing attacks. Furthermore, affected users are likely to receive correspondence from the company detailing the impact of the breach.
Headquartered in France, Decathlon has a presence in 69 countries, with over 1,600 stores worldwide. The company is popular for using inventory robots and in-store mobile checkout systems to attract young customers.