Azerbaijan Xploiter Team
123 Million Records Leaked Online by Sports Retailer Decathlon - Mohamed Roshdy | محمد رشدي Skip to main content

Decathlon’, one of the most popular sports gear retailers in the world has left an unprotected server online exposing 123 million records of both employees and customers. The sportswear retailer was storing data on the internet without using any encryption at all and now customers and employees are running the risk of falling victims to identity theft or phishing actors.

Upon analyzing the data, the researchers from VPN Mentor found out that the following things have been exposed:

  • Employee usernames

  • Unencrypted passwords

  • API logs

  • API username and unencrypted password

  • PII of employees

  • Social security numbers

  • Full names

  • Nationalities

  • Mobile phone numbers

  • Full addresses

  • Birthdates

  • Education

  • Work email addresses

  • Employment contract information

  • Working hours

  • Location

  • Qualifications

  • Contract period

  • Roles

  • Customer email and login information, unencrypted

  • Private IP addresses

Please take the following actions if you have ever worked with Decathlon or if you have ever shopped with them:

1. Change your password right away and never use the same password twice (see my article on credential stuffing below)

2. Send an email to them and let them know that you are aware of the breach and if your data has been exposed ask them to provide you with Identity protection and credit Monitoring services.]

Also read about  How To Stay Cyber-Secure While Working From Home

Author Mohamed Roshdy

Egyptian Film Director & Filmmaker, specialized in Advertising in Egypt, Promotions in Middle-East, Digital Marketing and Offline Marketing in Europe & Middle-East. Awarded globally and locally.

More posts by Mohamed Roshdy

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© All rights reserved 2020 Mohamed Roshdy