Subj : Decathlon employee data leaked online following breach
To   : All
From : TechnologyDaily
Date : Thu Oct 12 2023 09:45:05

Decathlon employee data leaked online following breach

Date:
Thu, 12 Oct 2023 08:31:44 +0000

Description:
Two-year-old database with PII on Decathlon employees surfaces on the dark 
web.

FULL STORY
======================================================================

A tranche of Decathlon employee data stolen in a leak two years ago has now 
made it to the dark web, cybersecurity researchers are saying. 

A blog post from vpnMentor revealed how someone posted a new thread on an 
online forum, with a database allegedly containing personally identifiable 
information (PII) of some 8,000 Decathlon employees. 

The database, published on September 7, was 61MB in size, and apparently 
contained enough sensitive information to run a phishing campaign or identity 
theft : full names, usernames, phone numbers, email addresses, countries and 
cities of residence, authentication tokens, and photos. Misconfigured 
databases 

The data was taken in 2021. Back then, vpnMentor reminds, a tech and 
consulting company Bluenove partnered with Decathlon for its Vision 2030 
campaign. Bluenove is a firm working on massive collective intelligence, 
while Decathlon is a French sporting goods retailer. During the Vision 2030 
campaign, Bluenove surveyed Decathlons employees and customers. 

It stored the data it generated in an Amazon Web Services (AW) S3 bucket, 
which was misconfigured. As a result, someone stole the data residing there 
before Bluenove managed to lock it down in mid-April that year. 

Now, two years later, the data has surfaced, and according to mentorVPN, 
chances are its legitimate. While we no longer have the data samples from the 
original leak incident due to our retention policy, our report from before 
shows that the data shared in the sample posted by the hacker is consistent 
with the data we found two years prior, vpnMentor wrote in a blog post. This 
confirms that the recently shared database is authentic. 

Bluenove acknowledged the existence of the data leak, the researchers said, 
adding that theyre advising the consulting company on how to mitigate the 
damage. While Decathlon and its employees are the real victims here, the 
company cannot be blamed, and could have done nothing to prevent this from 
happening, the researchers concluded. More from TechRadar Pro Thousands of 
corporate logins have been taken by info-stealing malware Here's a list of 
the best firewalls today These are the best privacy tools around



======================================================================
Link to news story:
https://www.techradar.com/pro/security/decathlon-employee-data-leaked-online-f
ollowing-breach


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.