More than 120 million Decathlon accounts hacked


The sports company Decathlon has suffered a massive data breach exposing the records of more than 123 million users and employees. According to vpnMentor researchers, more than 9 GB of data was leaked from an unsecured Elasticsearch server. The leaked information, which mainly concerns the company's Spanish branch, was found on February 12 and reported to Decathlon on February 16; the company said the server had been fixed the next day.


According to Decathlon, most of the data concerned its employees, and very few customers were affected. The leaked files contained employee usernames, unencrypted passwords, official email addresses, employee contract information, API logs, and API identification information. They also included personally identifiable information such as social security numbers, nationalities, mobile phone numbers, full addresses and dates of birth of employees. Unencrypted login credentials and private IP addresses belonging to Decathlon customers can also be found in the disclosed database.

Experts believe that the perpetrators may try to steal more data using administrator credentials or send phishing emails to customers. Identity theft attempts and physical attacks cannot be ruled out, as the disclosed data contained personally identifiable information.

"The Decathlon Spain database leak contains a treasure trove of employee data and more. It has everything a malicious hacker would need, in theory, to use to take over accounts and access private and even private information," said vpnMentor.

Via: ComputerWeekly