Sunday, October 20, 2019
  • Derbycon 2019, Lance Peterman’s ‘Modlishka Is A Mantis Eating 2FAs Lunch’
  • XKCD, 53 Cards
  • Derbycon 2019, David E. Young Jr.’s ‘There’s No Place Like (DUAL) Homed’
  • Top Cloud Directory Service
  • Samsung Fingerprint Bug: Worse Than We Thought

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Incident Response SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

by David Bisson on April 23, 2019

American online retailer Bodybuilding.com suffered a security incident that might have exposed customers’ personal information.

In February 2019, Bodybuilding.com learned of an instance where unknown actors gained unauthorized access to its systems. The fitness platform responded by retaining a data forensics firm to investigate what happened. This effort, which concluded in April 2019, traced the unauthorized access back to a phishing email received in July 2018. It also failed to rule out the possibility that the attack exposed customers’ personal information including their name, email address, phone number and birthdate.

The investigation did determine, however, that the security event left customers’ payment card information untouched.

Given these findings, Bodybuilding.com decided to reset all users’ passwords and to provide users with information about how they can protect their data. Additionally, it said that it will continue to work with law enforcement authorities to monitor for suspicious activity on its site and to improve the security of its systems. As quoted in a statement published on its website:

We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.

This isn’t the first time that Bodybuilding.com has suffered a security event. Back in 2008, a user of the site found that they could upload and host HTML files with JavaScript links using the blog’s upload feature. By abusing that weakness, the user said they could potentially modify or delete other users’ body stats.

The platform plugged that particular weakness three days after it was disclosed.

Regarding this latest security incident, users of Bodybuilding.com can protect themselves by using this expert guidance to create a strong password for their accounts. They should also exercise caution around suspicious links and email attachments. Towards that end, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/bodybuilding-com-data-incident/

April 23, 2019April 23, 2019 David Bisson Bodybuilding.com, data, IT Security and Data Protection, Latest Security News, Security Incident
  • ← Why People Who Protect Others Need to be at Their Best; Tackling Mental Health in Cybersecurity [Q&A with Dr. Ryan Louie, MD, Ph.D.]
  • Winning the Data Game – Banks must view FinTech and data security as stepping stones not obstacles →
Learn more at DevOpz.io

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Sudo Read This Warning About LPE Bug in Sudo
Hackers Impersonating Other Hacker Types
Health Care and HIPAA-Compliant Data Storage
Sophos CEO: Pending Acquisition Part of Larger Services Shift
Okta Enables Entire Organization to Participate in Cybersecurity Defense
"Welcome to Video" raid leads to 337 arrests due to Bitcoin Exchanges that use strong KYC
18 Members of ATM Skimmer Gang Arrested — Mostly Romanian
NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link
Cyber security audits top due diligence checklists
Dark Data Is Hurting Your Cyber Security

Upcoming Webinars

Mon 21

Open Source Security – Weighing the Pros and Cons

October 21 @ 1:00 pm - 2:00 pm
Wed 23

6 Essential Steps to Avoid Container Security Vulnerabilities

October 23 @ 11:00 am - 12:00 pm
Tue 29

Software-Defined Segmentation Done Easily, Quickly and Right

October 29 @ 1:00 pm - 2:00 pm
Nov 07

Don’t Let Vulnerabilities Create a Hole in Your Organization

November 7 @ 11:00 am - 12:00 pm
Nov 14

Top Cybersecurity Threats and How SIEM Protects Against Them

November 14 @ 11:00 am - 12:00 pm
Nov 18

Scaling DevSecOps

November 18 @ 1:00 pm - 2:00 pm
Nov 19

SAP Concur’s Cloud Journey

November 19 @ 1:00 pm - 2:00 pm
Dec 09

Cloud Security – Keeping Serverless Data Safe

December 9 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Speed and Scale: How Machine Identity Protection is Crucial for Digital Transformation and DevOps

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Hybrid Cloud’s Impact on Financial Services Security
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

Hybrid Cloud’s Impact on Financial Services Security

October 18, 2019 Steven Totman | 2 days ago 0
GDPR: One Year On, Lessons Learned
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

GDPR: One Year On, Lessons Learned

October 18, 2019 Charlene O’Hanlon | 2 days ago 0
A Guide to Finding a Trusted MSSP
CISO Suite Cybersecurity Featured Industry Spotlight Network Security Security Boulevard (Original) Spotlight 

A Guide to Finding a Trusted MSSP

October 17, 2019 Craig DAbreo | 3 days ago 0

Top Stories

Samsung Fingerprint Bug: Worse Than We Thought
Cybersecurity Featured Identity & Access Mobile Security News Security Boulevard (Original) Spotlight 

Samsung Fingerprint Bug: Worse Than We Thought

October 19, 2019 Richi Jennings | Yesterday 0
Okta Enables Entire Organization to Participate in Cybersecurity Defense
Cybersecurity Featured News Security Boulevard (Original) Spotlight Threat Intelligence 

Okta Enables Entire Organization to Participate in Cybersecurity Defense

October 16, 2019 Michael Vizard | 3 days ago 0
Sudo Read This Warning About LPE Bug in Sudo
Application Security Cybersecurity Featured Identity & Access News Security Boulevard (Original) Spotlight 

Sudo Read This Warning About LPE Bug in Sudo

October 16, 2019 Richi Jennings | 3 days ago 0

Security Humor

via   the comic delivery system monikered  Randall Munroe  at  XKCD !

XKCD, 53 Cards

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.