02 Mar Over 120 million Decathlon accounts hacked
(Image credit: Shutterstock.com / Tharnapoom Voranavin)
Employee and user data leaked due to unsecured server.
Sporting company Decathlon has suffered a massive data breach exposing records of over 123 million users and employees.
According to researchers at vpnMentor, more than 9GB of data was leaked from an unsecured ElasticSearch server.
The leaked information, which primarily pertains to the Spanish arm of the company, was found on February 12th, with Decathlon was informed on 16th February, with the company saying the server was fixed the next day itself.
Decathlon hack
According to Decathlon, the majority of the data was related to its employees, with very few customers affected.
The leaked files contained information including employee user names, un-encrypted passwords, official email addresses, employee contract information, API logs and API credentials.
But also included personally identifiable information like social security numbers, nationalities, mobile phone numbers, full addresses and birth dates of the employees.
Un-encrypted login credentials and private IP addresses belonging to Decathlon’s customers could also be found in the leaked database.
Experts believe the perpetrators may try to further steal data using the administrator credentials or send phishing emails to the customers. Attempts of identity theft and physical attacks cannot be ruled out as the leaked data had personally identifiable information.
“The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” said vpnMentor.
We’re Urban Network, we can help save your Business.
We specialise in managed IT & technology services to help businesses across London & the wider-South East, from our base in Wapping, East London.
Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.
Among our range of skills, we have a specialism in boosting Security. Ensuring we aid our clients with employing the best & most appropriate practices, procedures and tools to increase efficiency in the workplace.
If you have any concerns or challenges with your technology generally, we would like to hear from you. Please contact the team today.
News Source: https://www.techradar.com/uk/news/over-120-million-decathlon-user-accounts-hacked
