Sporting company Decathlon has suffered a massive data breach exposing records of over 123 million users and employees.
According to researchers at vpnMentor, more than 9GB of data was leaked from an unsecured ElasticSearch server.
The leaked information, which primarily pertains to the Spanish arm of the company, was found on February 12th. Decathlon was informed on 16th February, and the company said the server was fixed the very next day.
According to Decathlon, the majority of the data was related to its employees, with very few customers affected.
The leaked files contained information including employee user names, un-encrypted passwords, official email addresses, employee contract information, API logs and API credentials.
The files also included personally identifiable information such as social security numbers, nationalities, mobile phone numbers, full addresses and birth dates of the employees.
Un-encrypted login credentials and private IP addresses belonging to Decathlon’s customers could also be found in the leaked database.
Experts believe the perpetrators may try to steal further data using the administrator credentials or send phishing emails to the customers. Attempts at identity theft and physical attacks cannot be ruled out, as the leaked data included personally identifiable information.
“The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” said vpnMentor.