Decathlon, the world’s largest sporting goods retailer, has suffered a massive data breach, affecting 123 million customer and employee records.
Cyber security researchers at vpnMentor found a leaky database on a publicly accessible Elasticsearch server. It contained information from the retailer’s Spanish businesses and potentially its UK stores.
Employees’ names, addresses, usernames, passwords, social security numbers, phone numbers and dates of birth were all affected.
Customers’ email addresses and login information were also compromised.
Decathlon has now secured the database, after becoming aware of the breach last week. However, it’s not known how long the information was exposed and whether any malicious individuals accessed it.
What’s at risk?
The team at vpnMentor said the leaked database was “a veritable treasure trove” of data that contains “everything that a malicious hacker would, in theory, need to take over accounts and gain access to private and even proprietary information”.
For example, they could use administrator login details to conduct corporate espionage or use email addresses and other details to send phishing emails to customers and employees.
The researchers even suggested that some employees could be in physical danger.
“Employees’ positions and work locations are spread throughout this database, as well as their own physical home addresses.
“This could lead to disgruntled former co-workers or irate customers tracking them down and threatening their physical safety and well-being,” the researchers wrote.
Decathlon is downplaying the severity of the breach, claiming that only a small percentage of the records contained in the dat ..
Support the originator by clicking the read the rest link below.
