Decathlon Partner Data Breach from 2021 Returns with 8,000+ Exposures

  • By Steven
  • Oct 17, 2023

Decathlon Partner Data Breach
Decathlon is a global sporting goods retailer with over 100,000 employees and 1,700+ storefronts worldwide. In 2022, Decathlon reported 15.4 billion euros of net sales revenue, shared with 55,000 shareholding teammates. However, Decathlon suffered a significant data leak a year before its substantial revenue report. Credentials from that attack have resurfaced recently, putting the private information of nearly 8,000 individuals at risk.

How Did the Attack Occur? 

The attack did not occur due to Decathlon’s negligence but from one of their partners, Bluenove. The fault of the data breach lies with Bluenove, despite its impact directed at Decathlon employees. Bluenove, a tech and consulting solution assistant, conducted a survey and stored those answers within a misconfigured Amazon Web Service server. We suspect that the misconfiguration of Bluenove’s server may have occurred via an unchanged administration password or user negligence; the hacker could have taken advantage of the server following a user not adequately securing the data after its use.

What Information was Viewed or Stolen? 

The stolen information was part of a 61-MB database that contained sensitive employee details, including personally identifiable information (PII). The hackers obtained employee names, usernames, countries and cities of residence, phone numbers, emails, authentication tokens, and photographs. Hackers stole the same information two years ago, confirming this leak is related to the prior. The loss of employee PII is substantial, opening individuals to risk while bringing threat actors to the doorstep of Decathlon.

How Did Decathlon Admit to the Breach? 

The most recent breach is a continuation of an attack two years ago. On March 9th, 2021, a data breach was discovered by vpnMentor, prompting communication with Bluenove and Decathlon in response. Experts had mended the vulnerability on April 13th, 2021, but a single threat actor stole data within that window. Fast forward to September 7th, 2023, and another data leak is detected by vpnMentor. Shortly after this, on September 18th, Bluenove confirmed copies of the stolen 2021 database are on dark forums. As of October 14th, neither Bluenove nor Decathlon have made public statements about the breach; however, those impacted by it should expect breach notifications in the coming weeks.

What Will Become of the Stolen Information? 

It’s challenging to say what will happen with the stolen data. If cyber experts had asked the question two years ago, they may have warned against identity schemes. Now, however, other situations may unfold. Advanced phishing and impersonation attempts could be on the horizon, but more likely, hackers may be interested in authentication permissions. The theft of employee usernames and authentication tokens may point toward conglomerate network threats. At the same time, email accounts and photos may indicate private access threats. Even worse, the information could resurface later because there are multiple copies of the 61-MB database online now.

What Should Affected Parties Do in the Aftermath of the Breach? 

Decathlon employees from March 2020 to November of that year must contact Decathlon to discuss their options. They should also take measures to ensure their data is protected. They can start by updating their email and company accounts with multi-factor authentications. Those impacted should also consider hiring financial and identity monitoring services; monitoring these essential accounts can go far in mitigating damages brought on by the data breach.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

Health Organization Records Stolen via Welltok’s MOVEit - 930k+ Including Minors

The number of victims caused by the global MOVEit data breach continues to climb; Welltok has announced more exposures, this time from three more health organizations.

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

MOVEit Breach Creates More Victims; 105k Records Stolen from Insurance Group

"Pan American Life Insurance Group Building - New Orleans" by Tony Webster is licensed under CC BY 2.0. Source: Flickr

New York Healthcare Provider Notified 600k Following Network Cyberattack

New York Healthcare Provider Notified 600k Following Network Cyberattack

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County.  ERMI is a "multi-modality radiology center," including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address