Do you frequent the website bodybuilding.com?
If so, be advised that the site has been breached.
According to a recent statement by the company behind the site, the breach occurred in February, 2019 and had its origins in a phishing email the company received back in July of 2018.
A detailed account of the incident was published on the company's help center and contained most of the elements we've come to expect when things like this happen:
- The company is very sorry that it happened
- "Certain" customer/member information may have been compromised
- The company has been working with law enforcement and has brought in a third party to assist with the forensic investigation, which is ongoing
The company also stressed that while partial payment account numbers were compromised, no full debit or credit card information was at risk. That is because the site only stores the last four digits of payment cards if and when a given user opted to have the data stored by the website.
Again in keeping with the common response to incidents like these, Bodybuilding.com reported that in exercising an abundance of caution, they are force-resetting all user passwords. If it's been a while since you've logged on, just be aware that the next time you do, you'll be prompted to change your password.
As to the specific data that was compromised, according to the latest information posted by the company, the following information was accessed by unknown third parties:
- User name
- The email address you used to sign up for the service
- Your billing and/or shipping address
- Your phone number
- Your order history
- Your birthday
- Any correspondence that may have occurred between you and the site administrators
- Any other information you included in your profile
As ever, if you're using the same password on this site that you use on some other, be sure to change both immediately. Try hard to break the habit of using the same password across multiple web properties.