Popular sports equipment retail chain Decathlon is the latest addition to the ever-growing list of data breach incidents.
The sports giant is said to have suffered a data breach that exposed massive amounts of user data through a misconfigured database. The security lapse put the records of over 123 million users and employees at stake, as per a report. It is believed that the affected database mainly contained private information of the Spanish division of Decathlon. However, it is also likely to include some data on the company’s UK business.
Upon being notified about the breach, the company closed public access to the unsecured database. However, this was done on the 17th of February, while the breach took place on the 12th of February.
The database in question was said to be 9GB in size and available on an unsecured Elasticsearch server. It was discovered by a team at security-focused firm vpnMentor.
“The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to private and even proprietary information,” said vpnMentor.
According to Decathlon, the majority of the data was related to its employees, with very few customers affected. The leaked data reportedly included employee usernames, unencrypted passwords, and personally identifiable information (PII) including social security numbers, full names, addresses, mobile phone numbers, and birth dates. Further, the researchers noted that the database also had customer email and login information in an unencrypted form.
It could not be immediately verified whether the data breach affected Decathlon's databases in regions other than Spain and the UK.
Decathlon is one of the largest sports retail chains in the world, with a presence in 69 countries and over 1,600 stores worldwide. The company is popular for using inventory robots and in-store mobile checkout systems to attract young customers.
The incident comes amid a string of high-profile data breaches involving many big names such as Samsung, Google and Microsoft, among others.