Decathlon is a French sporting goods retailer.
The company has over 1,600 stores across 56 countries and employs more than 96,000 people.
Its revenue in 2019 was $13.3 billion.
But rare are these times.
Most often, we need days of investigation before we understand whats at stake or whos exposing the data.
Some affected parties deny the facts, disregarding our research or playing down its impact.
Decathlon employee PII data
So, we need to be thorough andmake sure everything we find is correct and accurate.
However, they require users to set up security protocols manually.
Bluenove failed to configure the security parameters on its S3 bucket, leaving it open and publicly accessible.
Decathlon employee PII data
Furthermore, the S3 bucket contained the companys name, exposing it as the owner immediately.
After discovering the S3 bucket, our team undertook a thorough investigation of the data stored within.
Decathlon reached out once more shortly after.
Example of Entries in the S3 Bucket
Bluenoves S3 bucket contained 7,883 files, totaling 64 megabytes.
The data contained answers submitted by 193 people surveyed, including their Personally Identifiable Information (PII) Data.
However, the data breach may havecompromised close to 10% of Decathlons workforce.
Amazon provides detailed instructions to AWS users to help them secure S3 buckets and keep them private.
To learn about data vulnerabilities in general, read ourcomplete guide to online privacy.
They then examine each data store for any data being leaked.
Our team was able to access this S3 bucket because it was completely unsecured and unencrypted.
As ethical hackers, were obliged to inform a company when we discover flaws in their online security.
The purpose of this web mapping project is to helpmake the internet safer for all users.
We never sell, store, or expose any information we encounter during our security research.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.
This has included an enormous data breachexposing the data of 10,000s of online shoppers worldwide.
We also uncovered separate scams targeting users onFacebook,Instagram, andSpotify.
You may also want to read ourVPN Leak Report and Data Privacy Stats Report.
Help Us Protect The Internet!
Check the Leak Box here »
like, comment on how to improve this article.
