In a recent cybersecurity incident, Decathlon, the global sporting goods retailer, is grappling with the aftermath of a data breach that saw records of nearly 8,000 employees and customers exposed by a hacker. The breach, discovered by vpnMentor’s research team, unfolded through an online forum post on September 7, 2023.
Details of the Breach:
The forum user published a 61-MB database allegedly linked to Decathlon, containing a trove of personally identifiable information (PII) for around 8,000 Decathlon employees. This included full names, usernames, phone numbers, email addresses, countries and cities of residence, authentication tokens, and even photographs.
Immediate Response and Confirmation:
In response, vpnMentor promptly engaged with both Bluenove and Decathlon to report the discovery of the leaked data. Bluenove, a tech and consulting company, acknowledged the existence of copies of the database circulating on darknet forums. Further investigation by vpnMentor’s research team confirmed that the stolen information aligned with the Decathlon employee data leak reported in 2021.
Breach Background:
The 2021 breach, attributed to Bluenove, occurred due to a misconfigured Amazon Web Services (AWS) S3 bucket during the Vision 2030 campaign collaboration with Decathlon. While vpnMentor identified the leak in 2021 and notified Bluenove and AWS, at least one attacker accessed the data before the breach was secured. Notably, neither the 2021 breach nor this recent exposure resulted from any lapse or negligence on Decathlon’s part.
Potential Implications and Cybersecurity Measures:
The leaked data poses an increased risk of sophisticated phishing campaigns targeting Decathlon employees. This underscores the importance of robust cybersecurity practices, including stringent access controls, employee education, and regular updates to third-party security software and cloud encryption.
The Significance of Clearweb Leaks:
Hackers often use open platforms like clearweb forums to share and discuss data breaches, accelerating the dissemination of stolen information. Unlike darknets, clearweb forums don’t require technical expertise, making them a preferred channel for cybercriminals.
Action Steps for Potentially Affected Individuals:
Decathlon employees from March to November 2020 are advised to contact the company regarding measures taken to secure their data. They should also conduct a thorough review of online and financial accounts for suspicious activity and promptly address any anomalies, including changing email login credentials.
As data breaches persist, companies must prioritize robust cybersecurity practices. The recurrence of the breach from 2021 to 2023 underscores the ongoing threat of cybercrimes against those whose data was compromised.