Experts from vpnMentor have uncovered a leaking, active database containing over 123 million records belonging to the sporting goods retailer Decathlon Spain (and possibly Decathlon UK as well).
The unsecure archive is greater than 9GB in size and was published on an ElasticSearch server.
“The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered a leaking, active database with over 123 million records and greater than 9GB in size on an ElasticSearch server, belonging to Decathlon Spain.” reads the post published by vpnMentor.
vpnMentor researchers discovered the Decathlon’s data leak as part of a huge web mapping project, the database was accessible using a common web browser.
The experts discovered the database on February 12, 2020, and reported their discovery to Decathlon on February 16, the archive was security on February 17.
The records contained in the unsecured database include employee data and more such as:
“Our research team was only able to confirm that the database belonged to Decathlon Spain, with a strong possibility of Decathlon United Kingdom information included as well.” reported vpnMentor. “These are the countries where we found local Decathlon data included in the leak, but we did not go through all 123 million+ records, and it is possible that there are more locations in additional countries that were impacted.”
The archive also includes unencrypted logins for administrators that could be used by attackers to take over accounts and obtaining otherwise confidential information about stores, employees, and customers.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – data leak, privacy)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.