Adidas Hack: ‘Millions’ of U.S. Website Customers Warned of Cyber Theft

The website of sporting brand Adidas may have been hacked. The company admitted late on Thursday that millions of usernames and encrypted passwords were probably stolen.

The company said in a brief statement it became aware of the “potential data security incident” on June 26 after a hacker claimed to have “acquired limited data associated with certain Adidas consumers.” It stressed there was “no reason to believe” that credit card details had been exploited.

“Adidas is committed to the privacy and security of its consumers' personal data,” the release read. “Adidas immediately began taking steps to determine the scope of the issue and to alert relevant consumers. Adidas is working with leading data security firms and law enforcement authorities to investigate the issue.” It will alert victims while conducting a forensic review, the brand added.

The preliminary investigation suggests that the breadth of the data leak could be significant. “We are alerting certain consumers who purchased on adidas.com/US about a potential data security incident,” an Adidas spokesperson told Newsweek, adding: “At this time this is a few million consumers.”

Adidas An Adidas sign is seen before the company's annual news conference in Herzogenaurach, Germany March 14, 2018. The company revealed on Thursday that a "few million" customers had been caught up in a hack. REUTERS/Michael Dalder

But much remains unknown about the cyber theft, including a timescale of when the suspected hack took place, what techniques the culprit used to access data and exactly how many details were stolen.

Adidas declined to comment when asked about the specific issues. 

The news comes following a cyberattack at Ticketmaster that exposed the personal information of up to 40,000 of its online U.K. customers. The company said that it found “malicious software” on a customer support product hosted by Inbenta Technologies on June 23. Details stolen included names, addresses, email addresses, telephone numbers, payment details and login credentials.

In March, sporting brand Under Amour revealed that it had discovered a “security issue” affecting approximately 150 million user accounts that were linked to its “MyFitnessPal” app and website. Compromised information, it said, included usernames, email addresses, and hashed passwords.

Incidents of this nature are becoming increasingly common, as hackers exploit outdated software in order to siphon off data that can be sold on in packages on the dark web or used in further attacks.

Adidas did not elaborate on which cybersecurity companies it had drafted in to analyze and fix its computer systems, nor on how long it would take for the forensic analysis to reach its completion.

Adidas A man stands in front of a rack with Adidas Original shoes before the opening at the new Adidas Originals store in Berlin, March 27, 2014. The sporting brand confirmed a cyberattack this week. REUTERS/Stefanie Loos

Join the Discussion