The data breach has put a record of 123 million users and employees at risk. The company has reported that most of the data is related to its employees. The database in question was stored on an unsecured Elasticsearch server. According to the security firm vpnMentor, the database is 9GB in size.
Most of the leaked information consists of employee usernames, unencrypted passwords, and personally identifiable information (PII). The personal details include employees' full names, mobile numbers, addresses, email addresses, birth dates and even social security numbers. Customer information was also found in unencrypted form on the server. This information includes customer email and login information.
In a blog post, vpnMentor wrote, “The leaked Decathlon Spain database contains a veritable treasure trove of employee data and more. It has everything that a malicious hacker would, in theory, need to use to take over accounts and gain access to their private and proprietary information.”
The research team claims that cybercriminals can use administrator logins to conduct corporate espionage, bombard customers and employees with phishing emails, and engage in identity fraud. The unsecured database was discovered on February 12. Decathlon immediately took action, closing down public access on February 17.
Decathlon claims that only a small percentage of the data concerns customers; most of the leaked data is related to its employees. The data breach has highlighted the most essential element of cybersecurity. As more and more companies move to the cloud, security should be their top concern.