Skip to main content

Over 100 million Decathlon records breached

(Image credit: Image Credit: Wright Studio / Shutterstock)

French sporting goods manufacturer Decathlon has suffered a huge breach, which has seen millions of customer records exposed.

According to Computer Weekly (opens in new tab), the breach was caused by a misconfigured cloud service and a total of 123 million records were exposed.

The data exposed includes customer usernames, passwords (unencrypted), API logs, API usernames and passwords (also unencrypted), as well as private IP addresses, login attempts and API details.

The database also contained staff names, nationalities, birthdays, phone numbers, addresses, education details, qualifications and contract information.

“The leaked database contains a veritable treasure trove of employee data (opens in new tab) and more,” said the researchers who uncovered the breach.

“It has everything a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information.”

Decathlon was notified of the mishap on February 16 and the leak was plugged the following day. But, despite the firm's quick response, it's possible hackers could use the exposed data to conduct business email compromise (BEC) or phishing attacks going forward.

“Decathlon could easily have avoided this leak if they had taken some basic security measures (opens in new tab) to protect the database,” the researchers said.

“These include, but are not limited to: secure your servers, implement proper access rules, and never leave a system that doesn’t require authentication open to the internet.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.