Hacker claims sale of alleged Nike customer database with millions of records
Are millions of records really for sale?

Nike is once again making the rounds on hacker forums, this time in a post advertising millions of alleged customer records up for sale.
The sportswear giant’s name came up on the underground marketplaces, where hackers commonly distribute stolen data.
Cyberattacks require diligent preparation and analysis of potential weaknesses in victims. That’s why datasets purchased on illicit forums come in handy for crafting large-scale attacks.
Does this mean that Nike is at imminent risk? So far, it is hard to tell. The newbie hacker claims that they breached customer registration and order-related information tied to Nike.
“Within the data breach, millions of lines of customer data were exfiltrated. We estimate it to be 8 figures,” the attacker wrote.
The attacker also stated that the data is bound to 2026, with no prior data included in the dataset, and weighs 40GB uncompressed.
However, a threat actor with no prior forum posting history, claiming to have obtained millions of lines of data, may raise uncertainty about the alleged breach.
Third-party breach?
Cybernews researchers reviewed the data sample published by the threat actor and found that the sample is quite messy.
According to our researchers, it appears to be a mix of JSON documents containing what is claimed to be user information alongside application logs.
"Where there is alleged user PII, all the information is duplicated," they said.
The repeated records make it difficult to determine how much unique data is actually included in the alleged leak.
“The full extent of this breach is not clear. The guy claims to have millions of lines of data, but it's not obvious how many total records are in the sample either,” the team explained.
Our researchers also noted that Nike is mentioned primarily in application class names rather than in data that would directly tie the information to the company.
Analysis of the logs suggests the data may have been collected through Amazon Simple Queue Service (SQS), a messaging service commonly used by applications running on Amazon Web Services to process queued data.
“In my opinion, it's likely that this data is from a third party rather than Nike,” the researchers said.
If the breach claims prove legitimate, it won't be surprising, as cybercriminals are increasingly targeting smaller providers rather than big fish, since they often have a weaker security posture and could be an easy entry point.
Based on the provided data samples, it is impossible to determine which third-party provider is linked to the exfiltrated data.
Cybernews has reached out to Nike for comment and will update this article once a response is received.
Nike corporate data has been leaked before
At the beginning of this year, Nike was hit by a cyberattack. The World Leaks ransomware gang stated that they exfiltrated Nike's corporate and manufacturing data.
As the countdown ran out and the attackers' demands went unmet, the gang publicly leaked about 1.4TB of data.
Nike acknowledged the potential incident and launched an investigation, but it still hasn’t confirmed that the leaked data belonged to the company.