Leak at Go Sport
In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.
- Victim
- Go Sport
On 20 December 2024, Go Sport — a major French sporting-goods retail chain — was named in dark-web claims that its customer data had been leaked. The claims were debunked in early January 2025: investigations found no evidence of any fresh unauthorized access to or exposure of Go Sport's systems.
The data circulating under Go Sport's name traces back to a "go-sport.com-export.txt" file that was part of an earlier, much larger compilation. In September 2024, Cybernews and researcher Bob Dyachenko reported an exposed, misconfigured Elasticsearch instance (about 30 GB, ~95 million documents) that aggregated at least 17 past French data breaches. Go-Sport was listed among the affected brands, alongside Darty, Intersport, LDLC, SFR, Shadow, Sport2000 and others.
The data points associated with that compilation typically included:
- Full names
- Email addresses
- Phone numbers
- Postal addresses
- IP addresses
- Partial payment information
This record therefore reflects a recirculation/extortion-style claim built on previously leaked Go Sport data rather than a newly confirmed intrusion. Go Sport reaffirmed its security posture, and no fresh breach tied to this December 2024 claim has been substantiated. Status remains unconfirmed.
Sources
- cybernews.comhttps://cybernews.com/security/french-records-exposed-by-mysterious-data-hoarder/
- dailydarkweb.nethttps://dailydarkweb.net/no-evidence-of-data-breach-for-go-sport-in-france/
- incyber.orghttps://incyber.org/en/article/massive-database-of-french-internet-users-leaked-online/