An Idaho-based fitness retailer has disclosed it has suffered from a phishing attack. As a result, the retailer BodyBuilding.com suffered a data breach affecting some customer information.
BodyBuilding.com Admit Data Breach
Reportedly, the fitness store BodyBuilding.com fell victim to a phishing scam that compromised their systems. The company suffered from the cyber attack for several months, which resulted in exposure of customer information to the attackers.
BodyBuilding.com disclosed about the incident in a dedicated notice on their website. As stated, they first noticed unauthorized access to their systems in February 2019 when investigations confirmed a security breach. They then started formal investigations whilst involving a cybersecurity firm and found a phishing email responsible for the incident.
“We engaged one of the leading data security firms to conduct a thorough investigation, which traced the unauthorized activity to a phishing email received in July 2018.”
While they had concluded the investigations in April 2019, they suspected a data breach has occurred as well. This breached information could include personal details of BodyBuilding.com customers as they advise;
“Information you provided to us which might have been accessed in this incident could include name, email address, billing/shipping addresses, phone number, order history, any communications with Bodybuilding.com, birthdate, and any information included in your BodySpace profile… If you have an online account with us, Bodybuilding.com user names and passwords might have been accessed.”
With respect to the payment card information, they have confirmed that they never save full credit card numbers. However, they do store the last four digits of the credit/debit card numbers, which might be included in the breached data. They also state that regarding the BodySpace profile, the vendors stated it already remains public as per their policy.
Vendors Confirm The Matter Resolved
BodyBuilding.com assure no misuse of information has occurred, and possibly, no access to the personal data as well. Moreover, they also confirm that they have fixed the matter.
“We have worked with an outside security expert to address the vulnerabilities and remediate the incident.”
They also assured that they have duly informed the relevant law enforcement agencies of the matter. In addition, they also continue with the investigations.
As for the customers affected during the incident, the retailers are notifying them via emails. As a precaution, BodyBuilding.com also urges all customers to change their account passwords.
BodyBuilding.com is an Idaho-based fitness online store. The site boasts 35 million unique visitors per month.
Let us know your thoughts in the comment section.