Back to news
Cybersecurity Alert
July 14, 2026 by EmailMeNow IT Consulting

Under Armour Investigating 72M Emails Posted Online After Alleged Breach

Under Armour is investigating reports that emails tied to ~72.7M accounts were posted online after an alleged Everest ransomware incident. No passwords or payments reported exposed — phishing risk remains. Audits: underarmour.com 52%, ua.com 54% — none at the 100% ideal.

Source: TechCrunch · Have I Been Pwned

NewsData BreachPhishingUnder ArmourCybersecurity
Illustration of a large consumer email leak and athletic-brand phishing risk

Under Armour is investigating reports that email addresses tied to roughly 72 million accounts were posted online. Have I Been Pwned indexed about 72.7 million unique addresses after the set appeared on a hacking forum in January 2026. The company says there is no current evidence that UA.com, payment systems, or customer password stores were affected — but names, dates of birth, location clues, and purchase history still fuel convincing scam messages that look like they come from Under Armour or its fitness apps.

Illustration of a large email dump and athletic-brand phishing risk

What Happened

WhenWhat
Nov 2025Everest ransomware group claimed Under Armour and alleged ~343GB of data in an extortion attempt (HIBP)
Jan 2026Customer data published on a public hacking forum; HIBP added the breach 21 Jan 2026 and notified affected addresses
22 Jan 2026TechCrunch reports Under Armour is “aware” and investigating with outside experts
Field reported in the dumpWhy it still hurts without passwords
Email addresses (~72.7M unique)Direct targeting list for spoofed “UA order / MapMyRun / account” mail
Names, gender, date of birthPersonalized phishing and account-recovery social engineering
ZIP / postcode geo hintsLocal “store pickup” and package-scam lures
Purchase-related infoOrder-confirmation and refund fraud that looks legitimate

Under Armour told TechCrunch a very small percentage of customers may have had information it considers sensitive exposed, and that claims of tens of millions of “sensitive” records are unfounded. Separately, Cybernews described a ~19.5GB release with ~72.7M emails (and far more total rows), including employee addresses and marketing/purchase data — useful raw material for spear-phishing even when login secrets stay offline.

Illustration of leaked email lists fueling fake athletic-apparel order scam messages

Why Email-Only Still Matters

ThreatWhat victims should expect
Brand spoofingFake “security,” “loyalty,” or “order update” mail from lookalike UA / MapMy* senders
Credential harvestingLinks to fake login pages that steal MapMyRun / MapMyFitness / store passwords you still use elsewhere
MFA fatigue / support scamsCalls or texts that cite real DOB or order detail from the dump
Reuse across breachesHIBP noted most of these emails already appeared in prior breaches — password reuse remains high risk

Independent Cybersecurity Audit

We scored Under Armour consumer and fitness domains plus primary reporting sources on July 14, 2026. 100% is the ideal. Sorted by overall (highest first).

DomainOverallIdentityTransportWebsiteLevel
haveibeenpwned.com88%90%45%100%Strong
mapmyrun.com70%90%15%45%Good
mapmyfitness.com70%90%15%45%Good
techcrunch.com70%90%15%45%Good
ua.com54%50%15%45%Average
underarmour.com52%45%15%45%Average
FindingDetail
Ideal score0 of 6 hit 100% overall
Soft retail identityunderarmour.com Identity 45% / ua.com 50% — weaker spoof resistance than MapMy* apps at 90%
Soft transport15% Transport on Under Armour, MapMy*, and TechCrunch — limited MTA-STS / encrypted-transport posture
Strongest herehaveibeenpwned.com at 88% with Website 100%
Phishing implicationAfter a 72M-email dump, soft Identity on the retail brand domains makes forged “reset your UA account” mail easier to trust

Illustration of domain security audit scoreboard with 100% ideal target

Audit links: underarmour.com · ua.com · mapmyrun.com · mapmyfitness.com · haveibeenpwned.com · techcrunch.com

Website stack note

Passive website-tech probes on July 14, 2026 covered all six domains above (6 probed, 0 notable). No outdated CMS / PHP / short-horizon TLS alerts stood out. The operational risk in this story is leaked identity + purchase context enabling phishing, not a public WordPress core headline on these marketing domains.

What Texas Shoppers and Teams Should Do

AudienceAction
Anyone with a UA / MapMy* accountCheck Have I Been Pwned; treat unexpected UA emails as hostile until you verify in-app
Password reuseChange passwords on any account that shared the same password as UA apps; enable MFA
Families & employeesIgnore “confirm your order / gift card / membership” links that arrive by unexpected mail or text
BusinessesRemind staff that retail breach dumps power BEC and vendor fraud that name real brands and purchase detail
Domain ownersAim for audit 100%: DMARC p=reject, strong BIMI path where eligible, and MTA-STS — soft Identity/Transport is exactly what attackers abuse after email leaks

Sources: TechCrunch (Jan 22, 2026); Have I Been Pwned — Under Armour; Cybernews reporting on the forum dump. Independent EmailMeNow domain audits and website-tech probes July 14, 2026. This is not legal advice.