The unsecure archive is greater than 9GB in size and was published on an ElasticSearch server.
The experts discovered the database on February 12, 2020, and reported their discovery to Decathlon on February 16, the archive was security on February 17.
The records contained in the unsecured database include employee data and more such as:
“Our research team was only able to confirm that the database belonged to Decathlon Spain, with a strong possibility of Decathlon United Kingdom information included as well.” reported vpnMentor. “These are the countries where we found local Decathlon data included in the leak, but we did not go through all 123 million+ records, and it is possible that there are more locations in additional countries that were impacted.”
The archive also includes unencrypted logins for administrators that could be used by attackers to take over accounts and obtaining otherwise confidential information about stores, employees, and customers.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.