Over 42M Log Entries from Nike Lottery User Data May Be for Sale on Hacker Forum

• The personal details of individuals participating in Nike’s lottery are apparently for sale on a popular data breach forum.
• Over 42 million log entries are contained in the data set acquired via the alleged breach.
• The hacker claims the exfiltrated data comes mostly from the Discord platform, from 2020 to 2024.

Sorb, a threat actor, claimed to sell the data that was allegedly stolen in a cyberattack from American footwear and apparel industry leader Nike’s Customer Relationship Management (CRM) software on the dark web.

The cybercriminal, who appears to have joined the breach forum in 2023, said on January 9, 2025, that they exfiltrated over 11.9GB of data with over 42,000,000 log lines. Nike periodically hosts lotteries for participants. 

The database has information collected between 2020 and 2024 and includes sensitive log details. Sorb wrote they accessed the ESNKRS raffle bot to exfiltrate the data, which conducts lotteries for the footwear giant on platforms such as Telegram and Discord. 

Sorb said, “...in this case, the main audience is Discord,” suggesting that the information they had was largely from Discord. 

Nike was in the news after a 25-year-old man infiltrated the company’s systems. Andrew Kelly had no formal training in coding, but the police found evidence of him boasting about his hacking skills and that he entered other websites, including The Cooperative Group and Ubisoft Entertain SA.

He confessed to amassing thousands of proxy IP addresses. However, he was not sternly penalized because he had not conducted fraudulent activity using the credentials. Kelly did not display any ulterior motives for the crimes, the court said in the sentencing remarks. 

While this incident happened over four years ago, the possibility of hackers misusing previously leaked Nike data now could not be denied. 

The fraud assessment found that 277,000 customer account details were exposed. This also led to PayPal getting targeted by third-party fraudsters who used the data to make over 500 transactions.