After Facebook, LinkedIn and others, it is the turn of the French sports brand Decathlon to join the long list of companies accused of having leaked data. On its blog, the cybersecurity company VpnMentor reveals that insufficiently protected personal information of Decathlon employees has been exposed on the web.
Collected as part of a collaborative intelligence project involving 92,000 employees, customers and partners, this data was kept in a storage space managed by Bluenove, a service provider to the sports brand. As part of an “ethical hacking” exercise aimed at detecting data left freely accessible by its owners, the VpnMentor teams were able to consult this information without difficulty. According to their findings, Bluenove had not sufficiently secured access to the server containing this information.
The files recovered by VpnMentor contained the responses of 193 employees to the survey, but also personal information of employees and customers, with no apparent connection, such as names, phone numbers and emails. All of this is information that hackers could have seized for purposes of fraud or attack through a virus, notes VpnMentor. In total, the data of no fewer than 7,883 people was exposed. The cybersecurity company estimates that nearly 10% of Decathlon’s workforce is affected by this flaw.
Already in 2020
“By combining personal data, survey information and other exposed details, hackers could have mounted very effective email and phone phishing campaigns, masquerading as Bluenove or Decathlon,” notes the VpnMentor team in their report. Such campaigns would have allowed them to extract other sensitive data from their victims, such as their banking information.
This is not the first time that Decathlon has been singled out in a story of this kind: in February 2020, VpnMentor, which has made a specialty of flushing out potential data leaks, had already brought to light a similar case, mainly involving the Spanish employees of the sports brand. The data included social security numbers, mobile phone numbers, information on employees’ employment contracts, etc. Following a server failure, this highly sensitive information ended up within reach of any hacker.