Adidas Morocco Hacked, 62k Clients Exposed

Latest security breach of iconic brand

A Moroccan branch of the world-famous sportswear brand Adidas was hacked on November 25, 2022.

Headquartered in Herzogenaurach, Bavaria, Adidas designs and manufactures shoes, clothing and accessories. It is the largest sportswear manufacturer in Europe, and the second largest in the world.

The German multinational corporation previously suffered a massive data breach in June 2018, when millions of Adidas US consumers were compromised due to a third-party intrusion into the system. In a brief announcement on its site at the time, the company said it believed customers’ contact information, usernames, and encrypted passwords may have been leaked as a result of the compromise.

Adidas hasn’t been involved in any similar incidents since then.

Notably, Adidas has a controversial relationship with the Moroccan people and has provoked several misunderstandings in the country. The latest gaffe was over the design of an Algerian soccer jersey, debuted at the World Cup in Qatar, which featured a pattern of Moroccan origin called “zellige”.

Morocco, which is fiercely competitive with its neighbor Algeria, accused Adidas of “culturally appropriating” zellige. The sportswear brand has since admitted using Moroccan ceramic motifs.


What about the new data breach?

On December 3, a database belonging to Adidas.co.ma was shared in an underground hacking forum. The threat actor “Chucky”, also known as “Leakbase”, is believed to be behind this incident. The hacker speaks Russian and has had a presence in the darknet hacking community for several years now.

The Kaduu Team has analyzed the leaked database and concluded that the attack took place on November 25. Compromised information includes data on more than 62k customers and employees.

We verified the data by attempting to register a new account using leaked credentials, the results proving them to be real.

The registration attempt returned the error “The email address is already taken, please choose another one”.

The following customer data has been compromised, including PII in bold:

id_customer, id_shop_group, id_shop, id_gender, id_default_group, id_lang, id_risk, company, siret, ape, first name, last name, email, password(hashed), last_passwd_gen, birthday, newsletter, ip_registration_newsletter, newsletter_date_add, optin, website, outstanding_allow_amount, show_public_prices, max_payment_days, secure_key, note, active, is_guest, deleted, date_add, date_upd, reset_password_token, reset_password_validity

The stolen passwords in the database are stored as bcrypt hashes, which is a relatively secure format. However, hackers can crack such passwords in no time by comparing them to known hashed-unhashed pairs.

As well as the Adidas customers, 74 employees of the Morocco Adidas branch have been compromised. The following staff PII data was found in the breached database: full employee names, emails and passwords stored in bcrypt format.

At the time of writing, the company had not released any statements about the incident, nor denied it.

The Kaduu Team recommends that everyone remain vigilant, use strong passwords and change them frequently, especially if they have been seen in a data breach. Meanwhile, we advise you to read our previous article about ransomware attacks on healthcare providers.
