Decathlon employee data leaked online following breach

Image Credit: Shutterstock (Image credit: Shutterstock)

A tranche of Decathlon employee data stolen in a leak two years ago has now made it to the dark web, cybersecurity researchers are saying.

A blog post from vpnMentor revealed how someone posted a new thread on an online forum, with a database allegedly containing personally identifiable information (PII) of some 8,000 Decathlon employees. 

The database, published on September 7, was 61MB in size, and apparently contained enough sensitive information to run a phishing campaign or identity theft: full names, usernames, phone numbers, email addresses, countries and cities of residence, authentication tokens, and photos. 

Misconfigured databases

The data was taken in 2021. Back then, vpnMentor reminds, a tech and consulting company Bluenove partnered with Decathlon for its Vision 2030 campaign. Bluenove is a firm working on “massive collective intelligence”, while Decathlon is a French sporting goods retailer. During the Vision 2030 campaign, Bluenove surveyed Decathlon’s employees and customers.

It stored the data it generated in an Amazon Web Services (AW) S3 bucket, which was misconfigured. As a result, someone stole the data residing there before Bluenove managed to lock it down in mid-April that year. 

Now, two years later, the data has surfaced, and according to mentorVPN, chances are it’s legitimate. “While we no longer have the data samples from the original leak incident due to our retention policy, our report from before shows that the data shared in the sample posted by the hacker is consistent with the data we found two years prior,” vpnMentor wrote in a blog post. “This confirms that the recently shared database is authentic.”

Bluenove acknowledged the existence of the data leak, the researchers said, adding that they’re advising the consulting company on how to mitigate the damage. While Decathlon and its employees are the real victims here, the company cannot be blamed, and could have done nothing to prevent this from happening, the researchers concluded.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.