Personal information of around 8,000 global employees, which was exposed in an alleged Decathlon data breach two years ago, has been shared on the dark web.
According to a recent blog published by vpnMentor, an online hacker has shared the data from a previously reported breach, which affected Decathlon employees and customers worldwide.
This revelation was discovered by the firm’s research team in an online forum post that surfaced on September 7, 2023.
The forum user uploaded a 61-MB database purportedly linked to Decathlon. As per the post, this database is said to include personally identifiable information (PII) of approximately 8,000 Decathlon employees.
The data that was exposed in the Decathlon data breach also reportedly contained a range of sensitive information, such as full names, usernames, phone numbers, email addresses, details of countries and cities of residence, authentication tokens, and even photographs.
The data leak also featured information from Bluenove, a technology and consulting firm as well. On contacting Bluenove, the company responded, confirming the presence of duplicate copies of the database circulating on darknet forums.
Upon further examination of the data posted on the forum, the research team observed that the pilfered information appeared to align with the Decathlon employee data leak that the team had previously discovered and reported in 2021.
Although vpnMentor no longer possessed data samples from the initial Decathlon data leak incident due to their retention policy, the previous report indicates that the information contained in the sample shared by the hacker aligned with the data discovered by their team two years earlier.
This verification affirms the authenticity of the recently shared database.
In an effort to gather more information about the Decathlon data leak, The Cyber Express contacted both Decathlon and Bluenove.
Yet, as of the time of this writing, neither organization had issued an official statement or response. Consequently, the assertions concerning the Decathlon employee data breach and the Bluenove cyber attack remained unverified from the company’s viewpoint.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A new paper gives an insider’s perspective into CISA’s Known Exploited Vulnerability catalog – and also offers a free tool…
The Cyber Express weekly roundup examines cyberattacks, AI misuse, data leaks, and regulatory pressure defining cybersecurity in early 2026.
This Spain Ministry of Science cyberattack incident does not exist in isolation.
The La Sapienza cyberattack shut down systems at Italy’s largest university, with reports linking the incident to BabLock malware and…
Trusted Access for Cyber is OpenAI’s new framework to expand secure use of GPT-5.3-Codex and ChatGPT for vetted cyber defenders.
Mitigating risk from End-of-Support edge devices is no longer about compliance, it’s about survival.
This website uses cookies. By continuing to use this website you are giving consent to cookies being used.
Read More