Thursday, May 26, 2022
  • A Problem Like API Security: How Attackers Hack Authentication
  • Popular Python package compromised: Don’t ‘Blindly Trust Open Source’
  • 10 Reasons Why Email Protection is Critical in 2022
  • Automating Azure Abuse Research — Part 1
  • Implementing the OMB 21-31 Memorandum

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Incident Response SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

SBN

Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

by David Bisson on April 23, 2019

American online retailer Bodybuilding.com suffered a security incident that might have exposed customers’ personal information.

Cybersecurity Live - Boston

In February 2019, Bodybuilding.com learned of an instance where unknown actors gained unauthorized access to its systems. The fitness platform responded by retaining a data forensics firm to investigate what happened. This effort, which concluded in April 2019, traced the unauthorized access back to a phishing email received in July 2018. It also failed to rule out the possibility that the attack exposed customers’ personal information including their name, email address, phone number and birthdate.

The investigation did determine, however, that the security event left customers’ payment card information untouched.

Given these findings, Bodybuilding.com decided to reset all users’ passwords and to provide users with information about how they can protect their data. Additionally, it said that it will continue to work with law enforcement authorities to monitor for suspicious activity on its site and to improve the security of its systems. As quoted in a statement published on its website:

We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.

This isn’t the first time that Bodybuilding.com has suffered a security event. Back in 2008, a user of the site found that they could upload and host HTML files with JavaScript links using the blog’s upload feature. By abusing that weakness, the user said they could potentially modify or delete other users’ body stats.

The platform plugged that particular weakness three days after it was disclosed.

Regarding this latest security incident, users of Bodybuilding.com can protect themselves by using this expert guidance to create a strong password for their accounts. They should also exercise caution around suspicious links and email attachments. Towards that end, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/bodybuilding-com-data-incident/

April 23, 2019April 23, 2019 David Bisson Bodybuilding.com, data, IT Security and Data Protection, Latest Security News, Security Incident
  • ← Why People Who Protect Others Need to be at Their Best; Tackling Mental Health in Cybersecurity [Q&A with Dr. Ryan Louie, MD, Ph.D.]
  • Winning the Data Game – Banks must view FinTech and data security as stepping stones not obstacles →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

Flawed MFA Opens Doors to Ransomware
Zola Wedding App ‘Hacked’ — Victims Lose BIG Money
Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Don’t Let Your Business Be Held For Ransom(ware)
Process Automation and Cybersecurity
Cloud computing concentration and systemic risk
What’s the Latest on Cyber Talent and Staffing Shortages?
BSides Prishtina 2022 – Isuf Deliu’s ‘Ransomware-As-A-Service: Demystifying A Multi-Billion Dollar Industry’
BSides Prishtina 2022 – Arian Sheremeti’s ‘Understanding Cyber Security Threats And Challenges In Protecting Critical Infrastructure’
XKCD ‘Mainly Known For’

Upcoming Webinars

Thu 26

Challenges and Opportunities for Improving Secure Coding Practices

May 26 @ 3:00 pm - 4:00 pm
Tue 31

Leveraging a Cloud Data Platform to Respond to Cybersecurity Events

May 31 @ 11:00 am - 12:00 pm
Jun 01

The 2022 Guide to API Security

June 1 @ 11:00 am - 12:00 pm
Jun 01

Security From Code to Cloud and Back to Code

June 1 @ 1:00 pm - 2:00 pm
Jun 08

Beyond Unification: How CNAP Should Reduce Cloud Security Risk

June 8 @ 11:00 am - 12:00 pm
Jun 08

When Less Is More: Full Life Cycle Serverless Security

June 8 @ 1:00 pm - 2:00 pm
Jun 15

Top 5 Reasons Why Effective SDLC Security Controls Are So Difficult

June 15 @ 1:00 pm - 2:00 pm
Jun 21

Why Cloud-Native Applications and APIs Are at Risk

June 21 @ 1:00 pm - 2:00 pm
Jun 28

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

June 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity
Cybersecurity Governance, Risk & Compliance Industry Spotlight IoT & ICS Security Security Awareness Security Boulevard (Original) Threat Intelligence 

Cars in the Crosshairs: Automakers, Regulators Take on Cybersecurity

May 23, 2022 Mike Hodge | 2 days ago 0
Establishing a Root of Trust in Embedded Linux and IoT
Cybersecurity Endpoint Industry Spotlight IoT & ICS Security Security Boulevard (Original) Vulnerabilities 

Establishing a Root of Trust in Embedded Linux and IoT

April 18, 2022 Anita Buehrle | Apr 18 Comments Off on Establishing a Root of Trust in Embedded Linux and IoT
Attorney-Client Privilege and Email Privacy
Cybersecurity Data Security Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Attorney-Client Privilege and Email Privacy

April 7, 2022 Mark Rasch | Apr 07 Comments Off on Attorney-Client Privilege and Email Privacy

Top Stories

Zola Wedding App ‘Hacked’ — Victims Lose BIG Money
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Zola Wedding App ‘Hacked’ — Victims Lose BIG Money

May 24, 2022 Richi Jennings | 1 day ago 0
Oracle Adds Services to Strengthen Cloud Security
Application Security Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Oracle Adds Services to Strengthen Cloud Security

May 24, 2022 Michael Vizard | 1 day ago 0
US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks
Analytics & Intelligence Cyberlaw Cybersecurity Featured Governance, Risk & Compliance News Security Boulevard (Original) Threats & Breaches 

US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks

May 20, 2022 George V. Hulme | May 20 0

Security Humor

Joy Of Tech® ‘Monkeypox Report'

Joy Of Tech® ‘Monkeypox Report’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.

API Poll

Step 1 of 5

20%
Do you have an API security project in 2022?
Who is responsible for API Security?
What is your API security maturity?
What is your top 3 concerns regarding API security? (select 3)
Which API Security practices do you follow most? (select all that apply)
This field is for validation purposes and should be left unchanged.