• Home
  • cyber
  • Nike and Dell Technologies: Nike Allegedly Hacked by WorldLeaks Ransomware Group
cyber Ransomware

Nike and Dell Technologies: Nike Allegedly Hacked by WorldLeaks Ransomware Group

Jan 1, 2025 2 min read
Nike and Dell Technologies: Nike Allegedly Hacked by WorldLeaks Ransomware Group

Nike Targeted in WorldLeaks Ransomware Attack, Data Extortion Threatened

Nike has fallen victim to a data extortion attack by the financially motivated ransomware group WorldLeaks, which announced the breach on its darknet leak site on January 22, 2026. The group threatened to release stolen data by January 25, 2026, at 6 PM GMT, though the exact volume of exfiltrated information remains unconfirmed. Industry analysts estimate it could reach several terabytes, based on the group’s past attacks.

Nike acknowledged the incident in a statement, confirming it is actively investigating the breach. According to reports, the attack compromised:

  • 481,183 user accounts
  • 220 employee records
  • 444 third-party credentials
    Potentially exposed data includes internal documentation, customer information, employee contact details, operational records, and HR data. The full scope of sensitive material such as intellectual property or financial records remains under investigation.

WorldLeaks, a rebrand of Hunters International (active since January 2025), operates an extortion-only model, focusing on data theft rather than encryption to evade detection. The group maintains a four-platform infrastructure, including a public leak site, negotiation portal, and an "Insider" journalist platform for early data access. Since its formation, WorldLeaks has claimed 116 victims, including Dell Technologies (1.3TB stolen) and L3Harris Technologies, a U.S. defense contractor.

Initial access is typically gained through phishing, unpatched applications, or VPNs without multi-factor authentication (MFA). Post-compromise, the group uses credential theft, lateral movement, and custom exfiltration tools to extract data.

This attack follows a recent trend of targeted cyberattacks on retail and apparel sectors, particularly organizations with weak authentication and high-value intellectual property. Security researchers note the group’s preference for high-profile victims with vulnerable infrastructure.

Source: https://cybersecuritynews.com/nike-hacked/

Nike cybersecurity rating report: https://www.rankiteo.com/company/nike

Dell Technologies cybersecurity rating report: https://www.rankiteo.com/company/delltechnologies

"id": "NIKDEL1769160139",
"linkid": "nike, delltechnologies",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '481,183 user accounts',
                        'industry': 'Retail / Apparel',
                        'name': 'Nike',
                        'type': 'Corporation'}],
 'attack_vector': ['Phishing',
                   'Unpatched applications',
                   'VPNs without multi-factor authentication (MFA)'],
 'data_breach': {'data_encryption': 'No (extortion-only model)',
                 'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '481,183 user accounts, 220 '
                                              'employee records, 444 '
                                              'third-party credentials',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Internal documentation',
                                              'Customer information',
                                              'Employee contact details',
                                              'Operational records',
                                              'HR data']},
 'date_detected': '2026-01-22',
 'date_publicly_disclosed': '2026-01-22',
 'description': 'Nike has fallen victim to a data extortion attack by the '
                'financially motivated ransomware group WorldLeaks, which '
                'announced the breach on its darknet leak site on January 22, '
                '2026. The group threatened to release stolen data by January '
                '25, 2026, at 6 PM GMT. The attack compromised 481,183 user '
                'accounts, 220 employee records, and 444 third-party '
                'credentials, with potentially exposed data including internal '
                'documentation, customer information, employee contact '
                'details, operational records, and HR data.',
 'impact': {'data_compromised': 'Several terabytes (estimated)',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': ['Phishing',
                                            'Unpatched applications',
                                            'VPNs without MFA']},
 'ransomware': {'data_encryption': 'No',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'WorldLeaks (extortion-only, no '
                                     'encryption)'},
 'references': [{'date_accessed': '2026-01-22',
                 'source': 'WorldLeaks darknet leak site'}],
 'response': {'communication_strategy': 'Public statement acknowledging the '
                                        'incident',
              'incident_response_plan_activated': 'Yes'},
 'threat_actor': 'WorldLeaks (rebrand of Hunters International)',
 'title': 'Nike Targeted in WorldLeaks Ransomware Attack, Data Extortion '
          'Threatened',
 'type': 'Ransomware / Data Extortion'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.