Monday, April 19, 2021
  • CPDP 2021 – Moderator: Frederike Kaltheuner ‘Getting AI Right – Can Data Protection Help Safeguard Other Fundamental Rights?’
  • All About SIM Swapping | Avast
  • Ransomware Decoded: Preventing Modern Ransomware Attacks
  • Entrust acquires WorldReach Software: expands solutions portfolio to enable digital transformation for seamless travel and citizen identity services
  • DevSecOps in Practice: How to Embed Security into the DevOps Lifecycle

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Incident Response SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

Bodybuilding.com Suffered Security Incident Potentially Involving Customer Info

by David Bisson on April 23, 2019

American online retailer Bodybuilding.com suffered a security incident that might have exposed customers’ personal information.

In February 2019, Bodybuilding.com learned of an instance where unknown actors gained unauthorized access to its systems. The fitness platform responded by retaining a data forensics firm to investigate what happened. This effort, which concluded in April 2019, traced the unauthorized access back to a phishing email received in July 2018. It also failed to rule out the possibility that the attack exposed customers’ personal information including their name, email address, phone number and birthdate.

The investigation did determine, however, that the security event left customers’ payment card information untouched.

Given these findings, Bodybuilding.com decided to reset all users’ passwords and to provide users with information about how they can protect their data. Additionally, it said that it will continue to work with law enforcement authorities to monitor for suspicious activity on its site and to improve the security of its systems. As quoted in a statement published on its website:

We sincerely regret any inconvenience or concern caused by this incident. We are committed to protecting your information and maintaining your trust and confidence.

This isn’t the first time that Bodybuilding.com has suffered a security event. Back in 2008, a user of the site found that they could upload and host HTML files with JavaScript links using the blog’s upload feature. By abusing that weakness, the user said they could potentially modify or delete other users’ body stats.

The platform plugged that particular weakness three days after it was disclosed.

Regarding this latest security incident, users of Bodybuilding.com can protect themselves by using this expert guidance to create a strong password for their accounts. They should also exercise caution around suspicious links and email attachments. Towards that end, (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/bodybuilding-com-data-incident/

April 23, 2019April 23, 2019 David Bisson Bodybuilding.com, data, IT Security and Data Protection, Latest Security News, Security Incident
  • ← Why People Who Protect Others Need to be at Their Best; Tackling Mental Health in Cybersecurity [Q&A with Dr. Ryan Louie, MD, Ph.D.]
  • Winning the Data Game – Banks must view FinTech and data security as stepping stones not obstacles →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

The Need for a Cybersecurity Protection Agency
Heartbreak and Hacking: Dating Apps in the Pandemic
Wordsmithing: Cybersecurity or Cyber Safety?
U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks
Enterprise Data Encryption Use Reaches Historic Highs
Biden Admin Takes Action to Defend Electric Utilities Against Cyberattacks
Why Traditional Cybersecurity Tools Cannot Defend Against Zero-Day and No Signature Attacks
Important Strategies for Aligning Security With Business Objectives
Securing Your Supply Chain with CIS and Tripwire
WordPress Continues to Fall Victim to Carding Attacks

Upcoming Webinars

Wed 21

Managing Open Policy Agent at Scale

April 21 @ 3:00 pm - 4:00 pm
Thu 22

A New Approach to Secure Web Gateways

April 22 @ 11:00 am - 12:00 pm
Mon 26

The Kubernetes Network (Security) Effect

April 26 @ 9:00 am - 10:00 am
Mon 26

Application Security: Moving at the Speed of DevOps

April 26 @ 1:00 pm - 2:00 pm
Wed 28

Cyber Attacks From the Open Source Perspective

April 28 @ 1:00 pm - 2:00 pm
Thu 29

Hack My Java Application: How Snyk and Red Hat Help Developers Stay Performant and Secure

April 29 @ 11:00 am - 12:00 pm
May 05

Managing Permissions and Entitlements is at the Core of a Zero Trust Model in the Cloud

May 5 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Online Ed is the New Corporate Threat Vector
Cybersecurity Governance, Risk & Compliance Industry Spotlight Malware Security Boulevard (Original) Threats & Breaches 

Online Ed is the New Corporate Threat Vector

April 19, 2021 Curtis Simpson | 11 hours ago 0
Three Wishes to Revitalize SIEM and Your SOC
Cybersecurity Data Security Endpoint Industry Spotlight Network Security Security Boulevard (Original) 

Three Wishes to Revitalize SIEM and Your SOC

April 16, 2021 Albert Zhichun Li | 3 days ago 0
Breach Clarity Weekly Data Breach Report: Week of April 12
Cybersecurity Data Security Identity & Access Industry Spotlight Security Boulevard (Original) Threats & Breaches 

Breach Clarity Weekly Data Breach Report: Week of April 12

April 14, 2021 Kyle Marchini | Apr 14 0

Top Stories

U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Incident Response IoT & ICS Security Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

U.S. Fingers Putin’s Cozy Bear for SolarWinds Attacks

April 16, 2021 Richi Jennings | 3 days ago 0
YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs
Analytics & Intelligence Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Incident Response Malware Network Security News Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

YT$AW: FBI Cleans Up Exchange Servers, NSA Tips Microsoft 4 More Bugs

April 14, 2021 Richi Jennings | Apr 14 0
Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)
Analytics & Intelligence Application Security AppSec Cyberlaw Cybersecurity Deep Fake and Other Social Engineering Tactics Endpoint Featured Governance, Risk & Compliance Identity & Access Identity and Access Management Incident Response IoT & ICS Security Malware Network Security News Securing the Edge Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Son of Stuxnet? Iran Nuke Site Hacked ‘by Israel’ (Again)

April 12, 2021 Richi Jennings | Apr 12 0

Security Humor

via the comic delivery system monikered Randall Munroe resident at XKCD !

XKCD ‘AI Methodology’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.