Adidas IsMost people have seen or are aware of the Adidas brand of shoes, clothing, and other products. These are sold in retail establishments and online. Recently Adidas had the opportunity to experience the excitement of a breach with their online venture.
An unauthorized party accessed the Adidas servers. This was unknown to Adidas until they were notified by a third party. The data was exfiltrated on June 26, 2018. This data included the user’s contact information, usernames, and encrypted passwords. Fortunately for the users, their credit card details and health-oriented data was stored elsewhere. With any breach, the vector and method could, in theory, take many forms. In this case, the method is unknown. To understand how this happened, Adidas is working with a security firm and law enforcement.
The affected parties were the Adidas customers purchasing products on the adidas.com/US website. This has affected literally millions of people.
One open question involves the InfoSec in place at Adidas. Seemingly, the security team, the SIEM, or something would have noticed the mass amount of data for millions of clients leaving the organization. Adidas had to learn of this from a third party. Also, the logs would have indicated, unless modified by the attackers, that this area was accessed by a party that was not authorized. There are these and many other questions re: the breach, which hopefully will be answered in the upcoming weeks.
Looking forward, the enterprise should have some form of a monitoring device or staff in place to review anomalies, unusual access, etc. This would have hopefully been able to note there was an issue and begin to limit the damage.
Adidas. (2018, June 18). Adidas alerts certain consumers of potential data security incident. Retrieved from https://www.adidas-group.com/en/media/news-archive/press-releases/2018/adidas-alerts-certain-consumers-potential-data-security-incident/
Gibson, K. (2018, June 28). Adidas data-security breach could involve “a few million customers”. Retrieved from https://www.cbsnews.com/news/adidas-security-breach-could-involve-a-few-million-customers/
Green, A. (2018, June 1). Adidas website hacked, changes your passwords now. Retrieved from https://www.komando.com/happening-now/468214/adidas-website-hacked-change-your-password-now
Humphries, M. (2018, June 29). Adidas website hacked, millions of US customer details stolen. Retrieved from https://www.pcmag.com/news/362173/adidas-website-hacked-millions-of-us-customer-details-stolen
Jones, R. (2018, June 29). Adidas warns customers of website hack. Retrieved from https://solecollector.com/news/2018/06/adidas-website-hack
Murdoch, J. (2018, June 29). Adidas hack: ‘Millions’ of U.S. website customers warned of cyber theft. Retrieved from http://www.newsweek.com/adidas-breach-hack-us-website-customers-warned-their-data-has-been-hacked-1000974
Sepe, R. (2018, June 29). Adidas US website hit by data breach. Retrieved from https://www.darkreading.com/cloud/adidas-us-website-hit-by-data-breach/d/d-id/1332186
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.