Under Armour Data Breach Case Study: Impact and Recommendations

Verified

Added on 2023/06/03

AI Summary

This case study examines the Under Armour data breach that occurred in March 2018, affecting MyFitnessPal users. Hackers gained unauthorized access to usernames, hashed passwords, and email addresses, although payment information remained secure. The vulnerability stemmed from a prolonged porting window for credentials based on the SHA-1 hashing algorithm, making them susceptible to cracking. Following the breach, Under Armour consulted security firms and coordinated with law enforcement. Lawsuits alleged the organization failed to adequately safeguard user data. A key lesson learned is the importance of implementing a second layer of security and improving hashing techniques to protect vital data. The incident underscores the significant impact of such attacks and the need for robust encryption standards.

Running head: UNDER ARMOUR DATA BREACH
Under Armour Data Breach
Name of the Student
Name of the University
Author’s note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1UNDER ARMOUR DATA BREACH
Table of Contents
1. Introduction..................................................................................................................................2
2. Discussion....................................................................................................................................2
3. Conclusion...................................................................................................................................3
4. References....................................................................................................................................4

2UNDER ARMOUR DATA BREACH
1. Introduction
The Under Armour Data Breach had affected a lot of users due to the incident of data
breach. This cyber threat on data had attacked the organization in March 2018. The company had
realised that hackers had gained an unauthorized access to their health platform, MyFitnessPal
and had thus unrevealed the data of various users (Kellogg, 2016).
2. Discussion
The threat posed by Under Armour was that the data of their users who had their account
registered with MyFitnessPal was revealed. The hackers who held the responsibility of the attack
were able to access the individual usernames, hashed passwords and email addresses of the users.
Although there was a huge form of data breach, the payment information of the users was not
breached. This was due to the reason that Under Armour had kept these information in a separate
manner (Alshboul, Nepali & Wang, 2015).
The vulnerability of Under Armour was due to the fact that the particular window of time
meant for porting millions of credentials based on SHA-1 was extremely long. Hence, this was
the primary reason of the credentials to become vulnerable to get cracked by different hackers.
The exposed passwords were mostly protected with a strong hashing algorithm known as Bcrypt.
The exposed information included email addresses and usernames that was protected by the
SHA-1 hashing, which was easier to get cracked (Schneier, Seidel & Vijayakumar, 2016).
After the proper notification of the vulnerability, the authorities took proper kind of
measures for the purpose of determining of the scope and nature of the issues discovered. After
the detection of the breach, the organization had considered for the consultation of different

3UNDER ARMOUR DATA BREACH
kinds of security firms based on the assistance of investigation. Under Armour was also notified
about coordinating with different law enforcement authorities.
The different lawsuit agencies claimed that the Under Armour data breach resulted due to
the failure of the organization to safeguard and thus protect the different aspects of security.
After the data breach incident, the authorities had realised that the security of data and different
forms of practices were very much inadequate for the purpose of safeguarding the data of the
members.
Based on the discussed incident of data breach of Under Armour, it could thus be
understood that such kind of attacks on the system could majorly impact a huge user base. One
of the important lesson for the future prospects of data breach incidents could be regarded as a
second layer of security, which should be implemented within the systems (Ardagna et al.,
2015). The different hashing techniques should be improved based on the needs of the protection
of the vital data within the organisation.
3. Conclusion
Based on the discussion from the above research, it could be concluded the Under
Armour data breach was a direct result of the various forms of cracking of passwords and
encryption techniques. Hence it should be the prime responsibility of the different law agencies
to secure the data of the organisation. Hence the organisation should adopt such high kinds of
encryption standards for the protection of information of their customers.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4UNDER ARMOUR DATA BREACH
4. References
Alshboul, Y., Nepali, R., & Wang, Y. (2015). Big data lifecycle: Threats and security model.
Ardagna, C. A., Asal, R., Damiani, E., & Vu, Q. H. (2015). From security to assurance in the
cloud: A survey. ACM Computing Surveys (CSUR), 48(1), 2.
Kellogg, S. (2016). Every breath you take: Data privacy and your wearable fitness device. J. Mo.
B., 72, 76.
Schneier, B., Seidel, K., & Vijayakumar, S. (2016). A worldwide survey of encryption products.