Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

Bodybuilding.com Data Breach

The popular website and fitness store, www.bodybuilding.com, announced on April 22nd, 2019 that they have been the victim of a data breach. The breach was found in February of 2019 and is said to be the result of a phishing email that was received in July of 2018. The company’s help center stated that the breach may “have affected certain customer information in our possession.” They also said that they could not confirm that personal information wasn’t accessed. The company stated that there was no full credit card information impacted in the breach because they only store the last four numbers of the customer’s card. The information that may have been accessed is the customer’s name, email address, shipping/billing address, order history, phone numbers and any communication with the company.  Bodybuilding.com claimed that no social security information was accessed in the data breach. The company states that they are notifying the affected customers and that they have forced a password reset on those accounts.  The alert that was published by www.bodybuilding.com also warns its customers that this may an attempt to start an email phishing campaign.

Analyst Notes

If a user has an online account with www.bodybuilding.com, then the user should change their password on their next login. Users should avoid any email that prompts the user to download an attachment or asks for personal information. It is also advisable to watch for any and all suspicious activity on the user’s other accounts in case personal information was accessed.