Decathlon Data Breach Exposed Personal Information of Over 123 Million People: Report

The unsecured database of Decathlon is said to be of 9GB of size.

Share on Facebook Tweet Snapchat Share Reddit Comment
Decathlon Data Breach Exposed Personal Information of Over 123 Million People: Report

Decathlon has its presence in 69 countries, with over 1,600 stores worldwide

Highlights
  • Decathlon’s Spanish division mainly got impacted by the data breach
  • Some data of the company’s UK business was also available in the database
  • Decathlon close down public access to the affected database

Decathlon Group, a popular sporting retail chain, is found to have suffered from a data breach that exposed its massive user data through a misconfigured database. The issue put the record of over 123 million users and employees at stake, as per a report. It is believed that the affected database mainly contained private information of the Spanish division of Decathlon. However, it is also likely to include some data of the company's UK business. At this time, there is no confirmation on whether customers in India were also affected. The company closed down public access to the unsecured database upon being notified about the breach.

The database in question was of 9GB in size and on an unsecured ElasticSearch server. It was discovered by a team at security-focussed firm vpnMentor.

The leaked data reportedly included employee usernames, unencrypted passwords, personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, addresses, and birth dates. Further, the researchers noted that the database also had customer email and login information in an unencrypted form.

“It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” vpnMentor wrote in a blog post.

The data breach was noticed on February 12, and the company was notified on February 16. The database was pulled on February 17, the research team said in the post.

It is unclear whether the impact of the data breach has any affect on the database of Decathlon in other regions, except Spain and the UK. Gadgets 360 has reached out to the company to get more details.
The vpnMentor team believe that the data breach could be used for corporate espionage and phishing attacks. Furthermore, affected users are likely to receive a correspondence from the company detailing the impact of the breach.

Headquartered in France, Decathlon has its presence in 69 countries, with over 1,600 stores worldwide. The company is popular for using inventory robots and in-store mobile checkout systems to attract young customers.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Jagmeet Singh Tech journalist by profession, tech explorer by passion. Budding philomath. More
Oppo Reno 3 Pro Pre-Bookings Open Today on Amazon, Flipkart, Offline Stores: All You Need to Know
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com