Decathlon, a popular sporting retail chain, has suffered a data breach, which has exposed the personal information of over 123 million users. As per the report, the breached database contains sensitive information of the Decathlon employees and its customers.
As per a report vpnMentor, the breach is affected by the Spanish division of Decathlon, though it might also include some data of the company’s UK business. There is no information on whether the data breach has affected Indian users or not. The report further highlights that the database is around 9GB in size and the leaked data reportedly include all the personal information.
“We were able to access Decathlon’s database because it was completely unsecured and unencrypted. Using a web browser, the team could access all files hosted on the database,” vpnMentor said in a blog post.
The list includes employee usernames, unencrypted passwords, API logs, API username and unencrypted password, social security numbers, full names, nationalities, mobile phone numbers, full addresses, birthdates, education, work email address, employment contract information, customer email and login information and private IP addresses.
The data breach was noticed on February 12 and the company was notified on February 16. The researcher said that the database was pulled on February 17. The report further highlights that the breached database could be used for corporate espionage, phishing scam, identity theft, physical threats and more.