Scroll Top

Hacker leaks data of 8,000 Decathlon employees and customers; Previous breach confirmed


In a concerning development, a hacker has successfully leaked the data of approximately 8,000 Decathlon employees and customers. This latest breach has far-reaching implications, as the exposed information could potentially be exploited in sophisticated phishing campaigns and other malicious activities, putting individuals’ sensitive data at risk.

The hacker’s modus operandi involves impersonating official representatives of both Bluenove and Decathlon, manipulating affected individuals into divulging social security numbers and other personal identifiable information (PII). This stolen information could subsequently be used for identity theft, as well as fraudulent financial and government transactions.

The breach came to light through the diligent efforts of the vpnMentor research team, who discovered a 61-megabyte database that appeared to belong to the prominent French sporting goods retailer, Decathlon. This database, containing a wealth of sensitive information, was leaked on a web forum. Among the data exposed were full names, usernames, phone numbers, email addresses, countries and cities of residence, authentication tokens, and even photos.

The breach was initially detected on September 7, 2023, prompting vpnMentor to take immediate action by notifying both Bluenove and Decathlon of the security incident. Subsequently, Bluenove confirmed the existence of copies of this database circulating on darknet forums on September 18, 2023. Intriguingly, the leaked data appeared to align with a previous Decathlon employee data breach that vpnMentor had reported in 2021, effectively corroborating the legitimacy of the recently shared database.

This security breach has been linked to the technology and consulting company, Bluenove, a key partner in Decathlon’s Vision 2030 campaign. The exposed data had originally been collected via a survey and was stored within an Amazon Web Services (AWS) S3 bucket, which was unfortunately misconfigured. This was not the first time this vulnerability had come to vpnMentor’s attention, as they had previously detected it on March 9, 2021, and promptly reported it to Bluenove and AWS. A fix was implemented by April 13, 2021, following vpnMentor’s communication with Decathlon.

Importantly, it should be emphasized that neither the 2021 data leak nor this most recent breach resulted from Decathlon’s negligence. Decathlon was not responsible for securing the data collected by Bluenove, and they had no way of knowing whether external actors had gained unauthorized access to this information. This incident underscores the ongoing challenge of safeguarding sensitive data in the digital age and the importance of maintaining robust cybersecurity measures.

As the situation unfolds, Internet Intelligence will continue to monitor developments and provide further updates regarding this breach and any potential implications for the affected individuals. It is essential for individuals who may be impacted to remain vigilant and take necessary precautions to protect their personal information and online security.

Related Posts

Leave a comment

You must be logged in to post a comment.
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.