The France-based sports retailer Decathlon noticed recently that over 123 million records that included customer and employee information were exposed through a misconfigured database. A 9GB database on an Elasticsearch server was discovered by researchers at vpnMentor. From observations by vpnMentor, it seems as if the data belongs to Decathlon’s Spanish and UK businesses. The information included in the server was employee usernames, unencrypted passwords, Social Security numbers (SSNs), full names, addresses, mobile phone numbers, addresses, and birthdates. Also included in the database was customer information such as unencrypted email and log-in information. The company was notified four days after the database was discovered on February 16th and immediate action was taken. The database has since been made unavailable.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is