forces password reset after a security breach

Bad news for fitness and bodybuilding passionates, the popular online retailer announced that hackers have broken into its systems.

The popular online retailer website announced last week that hackers have broken into its systems. The website offers any kind of fitness articles, exercises, workouts, and supplements.

The company confirmed it has no evidence that personal customer information was accessed or misused, as a precautionary measure the company is notifying all current and former users and customers.

“ recently became aware of a data security incident that may have affected certain customer information in our possession. We have no evidence that personal information was accessed or misused, but we are directly notifying all current and former users and customers out of an abundance of caution.” reads the announcement published on the website.

“We became aware of a data security incident involving unauthorized access to our systems in February 2019. We engaged one of the leading data security firms to conduct a thorough investigation, which traced the unauthorized activity to a phishing email received in July 2018. On April 12, 2019, we concluded our investigation and could not rule out that personal information may have been accessed.”

The company hired a security firm to investigate the incident, it discovered that the attack begun with a phishing email received in July 2018.

The company reported the incident to law enforcement and with the help of the security firm is addressing the flaws exploited by the attackers and remediate the incident. The IT staff behind also introduced additional security measures and forced a password reset for its customers.

Data potentially exposed in the incident includes name, usernames and passwords. email address, billing/shipping addresses, phone number, order history, any communications with, birthdate, and any information included in the BodySpace profile.

According to the firm, potentially accessed data don’t include full payment card numbers because the firm does not store them.

“The information potentially accessed in this incident does NOT include full credit or debit card numbers, as we do not store those numbers when customers make purchases in our store.” continues the data breach notification note. “If you’ve opted to store your card in your account, we store only the last four digits of your payment card number for reference and use by you for subsequent purchases, but never the entire card number.”

As usual. users have to change their password for any other account on which they might have used the same credentials as for the account.

Below recommendations provided by the company:

  • Change your password for any other account on which you used the same or similar information used for your account.
  • Review your accounts for suspicious activity.
  • Be cautious of any unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.
  • Avoid clicking on links or downloading attachments from suspicious emails.

Pierluigi Paganini

April 25, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...