Author Topic: Bodybuilding.com Security Breach, All Customer Passwords Reset

Offline javajolt

The Bodybuilding.com fitness and bodybuilding fan website notified its customers of a security breach detected during February 2019, which was the direct result of a phishing email received back in July 2018.

As detailed in the data incident notification published on the company's help center, the security breach might "have affected certain customer information in our possession" and, as concluded after investigating the incident with the help of "external forensic consultants that specialize in cyber-attacks," Bodybuilding.com says that it "could not rule out that personal information may have been accessed."

The company also stated that no full debit or credit card numbers were impacted in the security breach because it stores only the last four digits, and only for customers who opted to have their cards stored with their account information.

As a precautionary measure, all Bodybuilding.com users will also have their passwords reset the next time they try to log in:

Quote
We have engaged with law enforcement and are working with leading security experts to address any vulnerabilities and remediate the incident.
We continue to monitor our systems for unauthorized access, have introduced additional security measures, and will be resetting Bodybuilding.com customers’ passwords on their next log-in.

While there is no conclusive evidence that customers' personal information has been accessed by the attackers in the security breach, in the eventuality that it did happen, a potential data breach would include customers' "name, email address, billing/shipping addresses, phone number, order history, any communications with Bodybuilding.com, birthdate, and any information included in your BodySpace profile."

In addition, Bodybuilding.com's notification states that no social security numbers were accessed or misused in the security breach and that the company will be "notifying all current and former customers and users about the incident out of an abundance of caution to explain the circumstances as we understand them."

The alert also warns customers that breach notification emails designed to look as if they come from Bodybuilding.com might be used in phishing campaigns following the disclosure of the security breach.

Quote
If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by Bodybuilding.com and may be an attempt to steal your personal data. Avoid clicking on links or downloading attachments from such suspicious emails. Any link included in our email to users directs users to insert the Bodybuilding.com FAQs URL into your browser and does not request your personal data.

Customers who receive Bodybuilding.com's security breach notification email are also advised to change their passwords and to check their accounts for suspicious activity to make sure that the attackers haven't accessed their personal information in any way.

Bodybuilding.com has also set up a call center to answer customer questions related to this security incident, which can be reached "at 1-844-386-9553 between 8:00 AM – 10:00 PM CT, Monday through Friday, or 10:00 AM – 7:00 PM CT, Saturday and Sunday."

Bodybuilding.com is the world's largest fitness website, with a community of over 1,000,000 BodySpace members and more than 17,000,000 forum members, as well as over 32,000,000 orders shipped all over the world since its online shop was opened for business.

source
« Last Edit: April 23, 2019, 02:36:58 PM by javajolt »