Adidas Licensing Partner
Analysis of the Adidas licensing partner breach exposing 815,000 rows of data including plaintext passwords.
Published by the Scrutex.ai Research Team | February 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation
Adidas Licensing Partner
Unnamed licensing partner of Adidas, the global sports apparel corporation, managing business account relationships.
Sector
Retail / Apparel
Region
Global
Date of Incident
Prior to February 2026 (exact date unknown)
Date Disclosed
February 2026
Estimated Impact
815,000 rows (approximately 130 unique accounts)
Data Types Exposed
Names, email addresses, plaintext passwords, birthdays, company details
Attack Type
Data Breach
Attack Vector
Compromise of licensing partner system (specific vector not disclosed)
Threat Actor
Not publicly attributed
Current Status
Under investigation. No public statement from Adidas or the unnamed partner.
Severity Assessment
Moderate. Although only approximately 130 unique accounts were exposed, the storage of plaintext passwords represents a critical security failure that could enable further attacks.
What Happened
In February 2026, it was reported that 815,000 rows of data from an unnamed Adidas licensing partner had been exposed. The data includes names, emails, passwords, birthdays, and company details.
Although the number of unique accounts is small (approximately 130), the exposure of plaintext passwords for business accounts is particularly concerning.
Timeline
February 2026
Data from Adidas licensing partner reported exposed
Impact and Risk Assessment
For Affected Individuals
Approximately 130 business account holders had their credentials exposed in plaintext, enabling immediate account takeover if passwords were reused elsewhere.
For Organisations
Exposed business credentials could provide attackers with a foothold into Adidas's partner ecosystem for further supply chain attacks.
The discovery of plaintext password storage indicates fundamental security deficiencies at the licensing partner.
Regulatory Context
Plaintext password storage violates basic security standards under GDPR and most data protection frameworks. Regulatory action may follow if the partner is identified.
What Should You Do?
If You Are a Potentially Affected Individual
If you have business accounts with Adidas licensing partners, change your password immediately and ensure you are not reusing it elsewhere.
If You Are a Security or Risk Professional
Audit your vendor ecosystem for plaintext password storage. This is an unacceptable security practice that should be a disqualifying finding in any vendor assessment.
Supply chain breaches through licensing and business partners can expose corporate credentials. Ensure your third-party risk management programme covers all partner types.
Learnings and Recommendations
Supply chain breaches through licensing and business partners can expose corporate credentials. Even a small number of compromised business accounts can provide a foothold for further attacks.
Plaintext password storage in any system is an unacceptable security practice that organisations should audit across their entire vendor ecosystem.
Sources
This advisory is provided for informational purposes by the Scrutex.ai research team. It is based on publicly available reporting from the sources cited above. Where details are unconfirmed or disputed, we have noted this accordingly. Scrutex.ai does not independently verify internal claims made by affected organisations. Organisations concerned about their own exposure are encouraged to conduct their own assessments and seek professional advice where needed.
Stay ahead of the next breach
Scrutex monitors dark web sources, breach databases, and threat actor activity continuously, detecting exposure that affects your organisation before it becomes a headline.