Personal information of around 8,000 global employees, which was exposed in an alleged Decathlon data breach two years ago, has been shared on the dark web.
According to a recent blog published by vpnMentor, an online hacker has shared the data from a previously reported breach, which affected Decathlon employees and customers worldwide.
This revelation was discovered by the firm’s research team in an online forum post that surfaced on September 7, 2023.
The forum user uploaded a 61-MB database purportedly linked to Decathlon. As per the post, this database is said to include personally identifiable information (PII) of approximately 8,000 Decathlon employees.
The data that was exposed in the Decathlon data breach also reportedly contained a range of sensitive information, such as full names, usernames, phone numbers, email addresses, details of countries and cities of residence, authentication tokens, and even photographs.
Decathlon data leak, but there’s more!
Source: Twitter

The data leak also featured information from Bluenove, a technology and consulting firm as well. On contacting Bluenove, the company responded, confirming the presence of duplicate copies of the database circulating on darknet forums.

Upon further examination of the data posted on the forum, the research team observed that the pilfered information appeared to align with the Decathlon employee data leak that the team had previously discovered and reported in 2021.
Although vpnMentor no longer possessed data samples from the initial Decathlon data leak incident due to their retention policy, the previous report indicates that the information contained in the sample shared by the hacker aligned with the data discovered by their team two years earlier.
This verification affirms the authenticity of the recently shared database.
The response to the breach
In an effort to gather more information about the Decathlon data leak, The Cyber Express contacted both Decathlon and Bluenove.
Yet, as of the time of this writing, neither organization had issued an official statement or response. Consequently, the assertions concerning the Decathlon employee data breach and the Bluenove cyber attack remained unverified from the company’s viewpoint.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.