We're currently dealing with a security issue, as explained in this message we recently sent to the users of our online tracking tool. We sent a similar message to coordinators and to instructors who previously used the Fitness File application on our website.
We are writing to inform you about a security issue involving the President’s Challenge website [www.presidentschallenge.org].
Hackers recently accessed our database, which included personal information such as your username, password, security question and answer, email address, date of birth, city and state, and, if you provided it, your name. The hackers were also able to access data such as your logged activities, your nutrition goals, what groups you are in, and messages you had sent and received within the online tracker.
After we learned about the attack, we quickly took down the President’s Challenge website on January 11 and began the process of determining what information the hackers accessed and how it may affect you. We also contacted law enforcement to alert them to the hackers’ illegal activity.
Please note that we do not keep credit card numbers or Social Security numbers for users of our online tracker and shop. Regardless, we are alerting you so you can change your login information on any website where you might have used the same or similar username and/or password, and so you can generally monitor your personal and financial information.
We are in the process of securing the President’s Challenge website, and we expect to bring it back online within the next few days. Before you log in, you will be prompted to reset your password. You will then be able to log your activities and, for PALA+ users, your nutrition goals for the past three weeks. All of your previously logged activities and nutrition goals are still stored in the database.
We are sincerely sorry for this situation and any inconvenience or concern it causes you. We take your privacy very seriously. Before the attack, our website was routinely reviewed for security flaws. We are currently reviewing our security practices to make them even stronger and to reduce the probability of a future breach.
If you have any questions or concerns, please email us at email@example.com
As always, thank you for participating in the President’s Challenge.
The President’s Challenge
P.S.—As you go about resetting your passwords, we recommend following these tips to make them secure and memorable:
- Use a combination of uppercase and lowercase letters, as well as numbers, spaces, and/or symbols.
- The longer the password, the stronger the password.
- Avoid predictable patterns, such as the alphabet.
- Avoid common phrases, lyrics, or quotations (such as “to be or not to be”), unless you change them in some unpredictable way that is memorable to you (“2BRnot2B”).
- Try using random words that form a grammatically correct sentence, deliberately misspelling words, substituting phonetic replacements (“Mississippi” could become “Mrs.Ippi”), or interweaving two words or a word and number sequence (for example, “kiwi” and “1976” could be interweaved as “k1i9w7i6,” “ki19wi76,” or “ki1976wi”).
- Use different usernames and passwords for different websites and systems you access. Use a password vault to store the various passwords.
- For websites that you visit infrequently, consider creating passwords made up of nonsensical characters. Then, when you need to sign in again, reset your password.
- Change your passwords every six months.