Under Armour Investigates Data Breach After 72 Million Records Allegedly Exposed
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Password security helps prevent unauthorized access, while weak or reused credentials can expose accounts, systems, and sensitive data.
Search across headline titles and summaries.
Background for this topic.
Passwords are secret strings used to verify identity and control access to accounts, devices, applications, and services. They remain a common authentication method, but their security depends mainly on secrecy, length, and uniqueness rather than predictable complexity rules. A password reused across services can expose multiple accounts if one service is compromised; short, common, or previously leaked passwords are more susceptible to guessing and automated credential-stuffing attacks.
Practical defenses include using a password manager to generate and store a distinct, long password for each service, blocking known compromised passwords, and enabling multi-factor authentication (MFA) where available. Organizations should protect stored passwords with slow, salted one-way hashing, restrict and monitor authentication attempts, and provide secure recovery processes. Password changes are most useful after suspected compromise or exposure, rather than as routine changes that encourage predictable variations. Security teams should also treat password databases and reset mechanisms as sensitive assets during vulnerability assessment and incident response.
Under Armour said there is no evidence at this point to suggest the incident affected systems used to process payments or store customer passwords
Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. [...]
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
Phishing campaign tries to reel in master passwords Password managers make great targets for attackers because they can hold many of the keys to your kingdom. Now, LastPass has warned customers about phishing emails claiming that action is required ahead of scheduled maintenance and told them not to fall for the scam. …
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords