In late 2025, the Everest ransomware group allegedly targeted Under Armour, leading to a massive data leak involving 72 million unique email addresses. Security platforms like Have I Been Pwned have indexed the stolen data, which reportedly includes sensitive details such as names, birthdates, and physical addresses. While the company has denied that its core systems or financial data were compromised, legal pressure is mounting through class action lawsuits regarding their security protocols. Parallel research into Compromised Credential Checking (C3) services suggests new ways to protect users from credential tweaking attacks following such leaks. This academic study proposes a system called Might I Get Pwned, which identifies passwords similar to those found in breaches while maintaining user privacy. Experts recommend that affected individuals monitor their accounts and update any reused passwords to mitigate the risk of targeted phishing.
