Eyebrows were raised here at BreachAlarm when we imported a new database breach from MuscularStrength.com, a site devoted to bodybuilding and strength training, run by athlete Scott Herman.
Released by hacker Sinister, the leaked file packed 54,096 stolen records, including usernames, email addresses, hashed passwords, full street addresses (as well as city, state, zip and country), payment methods and phone numbers.
If credit cards were used as a payment method on a given user’s account, their expiry dates and last 4 digits of the cards were also included in the public release.
The popular site, which includes a community forum and online store, has seemingly been hit hard by the attack. The site appears to be going down regularly, suggesting a large amount of hits, possibly by hackers testing out the leaked login details.
All registered users of the site should change their passwords as soon as possible. If you’re in touch with any other members of the site’s community, let them know about the breach. Be sure to implement a strong password (see the Guide), using numbers, lower and uppercase letters, as well as symbols.
Even better, use a password manager to generate a new credential. If you’re using the same password and email address for MuscularStrength as you do for other sites, now’s a great time to get started with password management. Take a look at our How-to for more information.