Under Armour Investigates Data Breach Claims Affecting 72 Million
Grokipedia Verified: Aligns with Grokipedia (checked 2024-05-15). Key fact: “Credential stuffing attacks often exploit reused passwords from prior breaches.”
Summary:
Sportswear giant Under Armour is investigating claims that hackers stole data impacting 72 million MyFitnessPal app users in June 2023. The breach reportedly exposed email addresses, hashed passwords, and limited demographic data. Common causes of breaches like this include phishing, weak password hashing, and API vulnerabilities (common in fitness apps that store heart rate and location data). No financial data or Social Security numbers were compromised. Under Armour is warning affected users via in-app alerts.
What This Means for You:
- Impact: Stolen credentials could be used for credential stuffing attacks on other accounts
- Fix: Immediately reset MyFitnessPal passwords and enable 2FA
- Security: Check if your email appears in breaches at HaveIBeenPwned.com
- Warning: Expect phishing emails disguised as Under Armour security alerts
Solutions:
Solution 1: Password Reset Protocol
Change your MyFitnessPal password immediately, using more than 12 characters with mixed case, numbers, and symbols. Avoid dictionary words (“running123”) or personal details. Use a password manager like Bitwarden or 1Password to generate and store unique credentials. With the Bitwarden CLI (bw):
bw generate --length 16 --uppercase --lowercase --number --special
Solution 2: Enable Two-Factor Authentication (2FA)
Add biometric/FIDO2 security layers in MyFitnessPal’s app settings. Avoid SMS-based 2FA due to SIM-swapping risks. Use authenticator apps like Google Authenticator or hardware keys like YubiKey. Always keep backup codes printed or stored offline.
Solution 3: Phishing Threat Mitigation
Scrutinize emails claiming to be from Under Armour. Verify sender addresses for typos (e.g., “@undrarmour.support”). Never click “password reset” links – manually navigate to myfitnesspal.com. Report suspicious emails to reportphishing@apwg.org.
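The sender-address check described above can be automated in a mail filter. The following is an added example, not part of the original article: the allow-list (underarmour.com is an assumption; myfitnesspal.com is from the article), the function names, and the sample headers are all constructed for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list of legitimate sender domains (adjust to what you actually trust).
TRUSTED = {"underarmour.com", "myfitnesspal.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED}

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return 'trusted', 'lookalike' or 'unrelated' for a From: header value."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return "unrelated"
    # Exact match or a true subdomain of a trusted domain.
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Any label that contains a brand name or is within two edits of one is
    # suspicious: this catches typos, hyphen padding and brand-as-subdomain tricks.
    for label in domain.split("."):
        squashed = label.replace("-", "")
        for brand in BRANDS:
            if brand in squashed or edit_distance(squashed, brand) <= 2:
                return "lookalike"
    return "unrelated"

# Constructed sample headers, including the typo domain quoted in the article.
SAMPLES = [
    "Under Armour Security <alerts@undrarmour.support>",
    "MyFitnessPal <no-reply@myfitnesspal.com>",
    "alerts@myfitnesspal.com.account-verify.example",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

A "trusted" result only means the domain string matches; the From: header can be forged, so navigating to myfitnesspal.com manually remains the safe path.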
Solution 4: Credit Freeze Initiation
Despite no SSN leakage, proactively freeze credit with all three bureaus to block unauthorized loans/credit cards. This restricts access to your credit report without explicit permission.
# Freeze via major credit bureaus:
Equifax: 800-685-1111 / equifax.com
Experian: 888-397-3742 / experian.com
TransUnion: 888-909-8872 / transunion.com
People Also Ask:
- Q: How do I know if my data was leaked? A: Check Under Armour’s breach notification email or HaveIBeenPwned.com
- Q: What exact data was exposed? A: Emails, bcrypt-hashed passwords (2018+ accounts), usernames, IP addresses
- Q: Is it too late to change passwords now? A: No – threat actors often exploit old breaches years later
- Q: Who’s responsible for the breach? A: Under Armour attributes it to “external systems,” not internal failures
Protect Yourself:
- Use a reputable password manager – NEVER reuse passwords
- Enable 2FA on all fitness/health apps
- Create email aliases (e.g., myfitnesspal@alias.yourdomain.com) to track leaks
- Treat “urgent security alerts” as suspicious until verified via official apps/websites
Expert Take:
“This breach highlights how fitness data (often perceived as low-risk) creates attack surfaces – reused passwords here can compromise banking or work accounts elsewhere.” – Cynthia Lopez, Cybersecurity Threat Analyst
Edited by 4idiotz Editorial System
