Under Armour Data Breach Exposes User Accounts to Credential-Stuffing Attack
Under Armour recently confirmed a data security incident involving unauthorized access to a subset of user accounts on its platform. The breach, detected in early 2024, stemmed from a credential-stuffing attack, where threat actors used previously leaked login credentials from other breaches to gain access to Under Armour accounts.
The company reported that attackers successfully accessed accounts where users had reused passwords across multiple platforms. While no payment or financial data was compromised, exposed information included usernames, email addresses, and hashed passwords. Under Armour has since reset passwords for affected accounts and implemented additional security measures, including multi-factor authentication (MFA) enforcement.
The incident highlights the ongoing risks of password reuse and the effectiveness of credential-stuffing attacks, which remain a common tactic among cybercriminals. Under Armour has notified impacted users and is working with cybersecurity firms to investigate the scope of the breach. No evidence suggests that the attack originated from a vulnerability within Under Armour’s systems.
Under Armour cybersecurity rating report: https://www.rankiteo.com/company/under-armour
"id": "UND1769118371",
"linkid": "under-armour",
"type": "Breach",
"date": "5/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Subset of user accounts',
'industry': 'Apparel and Accessories',
'name': 'Under Armour',
'type': 'Company'}],
'attack_vector': 'Credential-Stuffing',
'customer_advisories': 'Notified impacted users',
'data_breach': {'data_encryption': 'Hashed passwords',
'personally_identifiable_information': 'Usernames, email '
'addresses',
'sensitivity_of_data': 'Medium (usernames, email addresses, '
'hashed passwords)',
'type_of_data_compromised': 'User account information'},
'date_detected': 'early 2024',
'description': 'Under Armour recently confirmed a data security incident '
'involving unauthorized access to a subset of user accounts on '
'its platform. The breach, detected in early 2024, stemmed '
'from a credential-stuffing attack, where threat actors used '
'previously leaked login credentials from other breaches to '
'gain access to Under Armour accounts. The company reported '
'that attackers successfully accessed accounts where users had '
'reused passwords across multiple platforms. While no payment '
'or financial data was compromised, exposed information '
'included usernames, email addresses, and hashed passwords. '
'Under Armour has since reset passwords for affected accounts '
'and implemented additional security measures, including '
'multi-factor authentication (MFA) enforcement.',
'impact': {'data_compromised': 'Usernames, email addresses, hashed passwords',
'identity_theft_risk': 'High',
'payment_information_risk': 'None',
'systems_affected': 'User accounts on Under Armour platform'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Highlights the ongoing risks of password reuse and the '
'effectiveness of credential-stuffing attacks.',
'post_incident_analysis': {'corrective_actions': 'Password resets, MFA '
'enforcement, and '
'collaboration with '
'cybersecurity firms',
'root_causes': 'Password reuse by users'},
'recommendations': 'Enforce multi-factor authentication (MFA) and educate '
'users on password hygiene.',
'response': {'communication_strategy': 'Notified impacted users',
'containment_measures': 'Password resets for affected accounts',
'remediation_measures': 'Multi-factor authentication (MFA) '
'enforcement',
'third_party_assistance': 'Cybersecurity firms'},
'title': 'Under Armour Data Breach Exposes User Accounts to '
'Credential-Stuffing Attack',
'type': 'Data Breach',
'vulnerability_exploited': 'Password reuse'}