Athletic footwear and attire producer Nike has turn out to be the newest sufferer of WorldLeaks, a financially motivated ransomware group recognized for information extortion assaults.
The group introduced the breach on its darknet leak web site on January 22, claiming accountability for the incident and threatening to launch stolen information on January 25, 2026, at 6 PM GMT.
WorldLeaks listed Nike as a sufferer on its leak platform with minimal accompanying particulars. Nonetheless, the submit reportedly acquired over 400 views inside hours of publication.
In accordance with a submit on boards, the assault was found on January 22, 2026, with information exfiltration occurring on the identical date.
Nike confirmed its consciousness of the alleged incident in an official assertion: “We’re investigating a possible cybersecurity incident and are actively assessing the state of affairs.”
World Leaks Declare
The precise quantity of exfiltrated information stays unconfirmed. Nonetheless, trade analysts counsel it may doubtlessly attain a number of terabytes primarily based on WikiLeaks‘ historic assault patterns.
Nike reported roughly 481,183 compromised customers, 220 compromised workers, and 444 third-party worker credentials uncovered within the incident.
Accessible proof means that a number of information classes might have been compromised in the course of the assault.
Together with inner firm documentation, buyer info, worker e mail addresses and telephone numbers, enterprise operational information, and human sources information.
The particular nature and scope of delicate info uncovered, together with potential mental property, product growth particulars, or monetary information, stay undisclosed pending Nike’s ongoing investigation.
WorldLeaks Profile
WorldLeaks emerged as a strategic rebrand of Hunters Worldwide in January 2025, following the predecessor group’s cessation of operations.
The group operates utilizing an extortion-only mannequin, focusing solely on information theft fairly than file encryption, enabling quicker assault execution and lowered detection danger.
The group maintains a complicated four-platform infrastructure: a public leak web site for sufferer showcase, a negotiation portal for ransom communications.
An “Insider” journalist platform offering 24-hour advance information entry and an affiliate administration system.
WorldLeaks has claimed over 116 victims since its formation, together with high-profile targets akin to Dell Applied sciences (1.3TB stolen) and L3Harris Applied sciences, a US protection contractor.
Intelligence reviews point out WikiLeaks usually features preliminary entry by compromised reliable web sites, phishing campaigns with malicious attachments, unpatched internet-exposed functions, or VPNs missing multi-factor authentication.
Put up-compromise, the group leverages credential theft, lateral motion by community shares, and custom-developed exfiltration tooling to catalog and extract delicate information.
This incident marks the continuation of coordinated cyberattacks concentrating on the retail and athletic attire sectors in current months.
Safety researchers word the sample suggests deliberate concentrating on of high-value organizations with weak authentication infrastructure and vital mental property holdings.
Organizations ought to implement necessary multi-factor authentication on all distant entry factors and conduct rapid community segmentation evaluations.
Set up enhanced monitoring for unauthorized information exfiltration to exterior cloud companies and anonymized networks.
Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.
