PayAsUGym

What Happened

In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.

Compromised Data

Browser user agent details

Email addresses

IP addresses

Names

Partial credit card data

Passwords

Phone numbers

Website activity

Recommended Actions

Change Your Password

If you haven't changed your password on this service since the breach, do so immediately.

Enable Two-Factor Authentication

If 2FA is supported, add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts, spam and phishing emails.

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password

Breach Overview

Affected Accounts:

400.3 thousand
Breach Occurred:

December 2016
Added to HIBP:

17 Dec 2016

Recommended Actions

Change Your Password

If you haven't changed your PayAsUGym password since 2016, do so immediately.

Enable Two-Factor Authentication

Add an extra layer of security to your account.

Check Other Accounts

If you used the same password elsewhere, change those too.

Monitor for Suspicious Activity

Watch for unusual login attempts or messages from your account.

Use 1Password to generate and store strong, unique passwords for all your accounts.

Try 1Password

PayAsUGym

What Happened

Compromised Data

Recommended Actions

Change Your Password

Enable Two-Factor Authentication

Check Other Accounts

Monitor for Suspicious Activity

Breach Overview

400.3 thousand

December 2016

17 Dec 2016

Recommended Actions

Change Your Password

Enable Two-Factor Authentication

Check Other Accounts

Monitor for Suspicious Activity

Services

Information