Over 100 million Decathlon records breached

Antus67

Nov 3, 2019
Personally identifiable data was leaked and the business now faces potential phishing and BEC attacks.

French sporting goods manufacturer Decathlon has suffered a huge breach, which has seen millions of customer records exposed.

According to Computer Weekly, the breach was caused by a misconfigured cloud service and a total of 123 million records were exposed.



The data exposed includes customer usernames, passwords (unencrypted), API logs, API usernames and passwords (also unencrypted), as well as private IP addresses, login attempts and API details.

The database also contained staff names, nationalities, birthdays, phone numbers, addresses, education details, qualifications and contract information.

“The leaked database contains a veritable treasure trove of employee data and more,” said the researchers who uncovered the breach.

“It has everything a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information.”

Decathlon was notified of the mishap on February 16 and the leak was plugged the following day. But, despite the firm's quick response, it's possible hackers could use the exposed data to conduct business email compromise (BEC) or phishing attacks going forward.

“Decathlon could easily have avoided this leak if they had taken some basic security measures to protect the database,” the researchers said.

“These include, but are not limited to: secure your servers, implement proper access rules, and never leave a system that doesn’t require authentication open to the internet.”
 
