Skip to content
Data breachUnknown

Leak at Go Sport

In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

Victim
Go Sport

On 20 December 2024, Go Sport — a major French sporting-goods retail chain — was named in dark-web claims that its customer data had been leaked. The claims were debunked in early January 2025: investigations found no evidence of any fresh unauthorized access to or exposure of Go Sport's systems.

The data circulating under Go Sport's name traces back to a "go-sport.com-export.txt" file that was part of an earlier, much larger compilation. In September 2024, Cybernews and researcher Bob Dyachenko reported an exposed, misconfigured Elasticsearch instance (about 30 GB, ~95 million documents) that aggregated at least 17 past French data breaches. Go-Sport was listed among the affected brands, alongside Darty, Intersport, LDLC, SFR, Shadow, Sport2000 and others.

The data points associated with that compilation typically included:

  • Full names
  • Email addresses
  • Phone numbers
  • Postal addresses
  • IP addresses
  • Partial payment information

This record therefore reflects a recirculation/extortion-style claim built on previously leaked Go Sport data rather than a newly confirmed intrusion. Go Sport reaffirmed its security posture, and no fresh breach tied to this December 2024 claim has been substantiated. Status remains unconfirmed.

Sources

  1. cybernews.comhttps://cybernews.com/security/french-records-exposed-by-mysterious-data-hoarder/
  2. dailydarkweb.nethttps://dailydarkweb.net/no-evidence-of-data-breach-for-go-sport-in-france/
  3. incyber.orghttps://incyber.org/en/article/massive-database-of-french-internet-users-leaked-online/

Related incidents

Data breachUnknown

Leak at Electro Dépôt

Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.

Victim
Electro Dépôt
Data breachResolved

Data leak at Sport 2000

Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

Victim
Sport 2000
Records
4.4M
Data breachContained

Data leak at Top Achat

On 12 December 2024, French PC-hardware e-tailer Top Achat (LDLC group) disclosed a breach exposing customer names, email and postal addresses; no passwords or payment data were affected. The intrusion was linked to an earlier compromise at parent company LDLC.

Victim
Top Achat
Data breachOngoing

Leak at LDLC

On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.

Victim
LDLC