A data leak at Decathlon exposes 8,000 employees!


The personal information of around 8,000 employees worldwide, who were exposed in an alleged Decathlon data breach two years ago, has been shared on the dark web.

According to a recent blog post by vpnMentor, an online hacker shared data from a previously reported breach, which affected Decathlon employees and customers around the world.

This revelation was discovered by the company’s research team in an online forum post published on September 7, 2023.

Forum user uploaded 61MB database purportedly related to Decathlon. According to the post, this database would contain personally identifiable information (PII) on approximately 8,000 Decathlon employees.

Data exposed at Decathlon data breach also allegedly contained a range of sensitive information, such as full names, usernames, telephone numbers, email addresses, details of countries and cities of residence, authentication tokens and even photos.

Decathlon data leak, but there’s more!

Announcement of a second data breach at Decathlon
Source: Twitter

The data leak also contained information from Bluenove, a technology and consulting company as well. By contacting Bluenove, the company responded, confirming the presence of duplicate copies of the database circulating on darknet forums.

After further review of the data posted on the forum, the research team observed that the stolen information appeared to match the Decathlon employee data breach that the team previously discovered and reported in 2021.

Although vpnMentor no longer had data samples from the original Decathlon data leak incident due to its retention policy, the previous report states that the information contained in the sample shared by the pirate aligned with data discovered by their team two years earlier.

This verification asserts the authenticity of the recently shared database.

The response to the breach

In an effort to gather more information about the Decathlon data breach, The Cyber Express contacted Decathlon and Bluenove.

Yet, as of this writing, neither organization has issued an official statement or response. Therefore, the claims regarding the Decathlon employee data breach and the Bluenove cyberattack remained unverified from the company’s perspective.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only and users take full responsibility for their reliance on it. The Cyber ​​Express assumes no responsibility for the accuracy or consequences of the use of this information.

Leave a comment