Unfortunately, it appears as though many of my colleagues in the industry have already beaten me to a report on this subject, but I can guarantee none of them have been published by BodyBuilding.com like I have – so f*ck em. Regardless, earlier today, April 22nd 2019, BodyBuilding.com came out with a press release revealing that their customers had been the victims of a massive phishing campaign spread using the email addresses stored on company servers. In the release, company representatives claim to have discovered the breach in February 2019, 8 months after the spread of the phishing campaign began in July 2018.
According to the release, “exposed data includes names, email addresses, physical addresses, phone numbers, order histories, communications with Bodybuilding.com, birthdays, account usernames and passwords, and information included in customers’ BodySpace profiles.” Additionally, the company claims that “the last four digits of stored payment card numbers may also have been affected,” but all other payment information remained safe. In response to the conclusion of the investigation into the data breach, BodyBuilding.com has taken it upon themselves to reset the account passwords of every single one of their customers – myself included.
Lastly, as I just ordered something from the site last night, at least I can confirm that nothing fraudulent has been done to/with my account or any of the data on it – and the company certainly won't be losing my business over this in the future.
Full Release from BodyBuilding.com: https://www.bodybuilding.com/help?notifications&data-incident