A company with a self-proclaimed "Biohacker" for a founder and CEO has, itself, been hacked.
Bulletproof has an e-commerce website that may not have lived up to its name.
The hack started last year and allowed access to customer financial information during check-out from the site, which sells supplements and food.
The company says it determined that someone inserted code into the software that operates the checkout page.
Anna Collins, Chief Operating Officer, says this in Bulletproof's breach notification letter to customers: "Bulletproof determined that the unauthorized code may have been capable of capturing information entered during the checkout process. The information compromised by the incidents may have included your name, payment card number, expiration date, and CVV number from payment cards used for online transactions on Bulletproof’s e-commerce website from October 26, 2016 to May 30, 2017, and August 28, 2017 through September 5, 2017."
Do the math on this one, and we're talking more than seven months during which customers potentially had their payment information stolen.
The company says it is making changes: "To help prevent a similar incident from occurring in the future, Bulletproof has implemented enhanced security measures, including installing a new website security platform, implementing a security information and event management system (SIEM), and implementing enhanced logging."
Hopefully, whoever is responsible is not a part of the "more than 1 million biohackers who follow Bulletproof for leading-edge information on how to supercharge your body, upgrade your brain, and become Bulletproof."
Because the last thing InfoSec experts need is a bulletproof hacker.
