Bodybuilding.com, the internet’s biggest online store and online forum for fitness and bodybuilding enthusiasts, disclosed last week a security breach that impacted its IT systems.
The incident report mentions that the security breach could have compromised some personal details of Bodybuilding.com users stored by the website owners. “We conduct research in collaboration with external cyber forensics course experts; we still cannot confirm if the attackers have accessed the information of the users that is under our protection.”
Full payment card data of the website’s users has not been compromised, since the company stores only the last four digits of its clients’ payment cards.
Nonetheless, users of the website need some protection measures against potential fraud or hacking activity; cyber forensics course experts from the International Institute of Cyber Security (IICS) mentioned that, to begin with, the company will reset the passwords of all users on the online platform.
“We’ll reset users’ passwords during their upcoming logins. In addition, the federal authorities are already working on our case,” says a statement from the company.
According to the company, if hackers did manage to access and steal customer data, the details possibly exposed include name, email address, billing/shipping addresses, phone number, order history, any communications with Bodybuilding.com, birthdate, and any information included in BodySpace profiles.
Social Security numbers and payment card details were not exposed, the company said, as the site never collected this information in the first place.
Besides notifying users of the breach, Bodybuilding.com is alerting them that scammers might try to imitate its data breach disclosure notifications for online fraud or phishing attacks.
“Please note that the email from Bodybuilding.com does not ask you to click on any links or contain attachments and does not request your personal data. If the email you received about this issue prompts you to click on a link, suggests you download an attachment, or asks you for information, the email was not sent by Bodybuilding.com and may be an attempt to steal your personal data. Avoid clicking on links or downloading attachments from such suspicious emails. Any link included in our email to users directs users to insert the Bodybuilding.com FAQs URL into your browser and does not request your personal data.”
Later reports revealed that the personal details involved in this incident include:
- User names
- Email addresses
- Phone numbers
- Billing addresses
- History of purchases on the web site
Bodybuilding.com is one of the internet’s most visited sites, currently #1,657 on the Alexa website ranking. The site has over seven million registered users on its forum, and its website receives over 30 million visitors per month. The last time the site dealt with a major security issue was in 2008.