ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Glofox Data Breach

glofox.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 2,330,735
Breach date 27 Mar 2020
Added to tracker 10 Jan 2021
Data classes 6

What happened

In March 2020, the Irish gym management software company Glofox suffered a data breach which exposed 2.3M membership records. The data included email addresses, names, phone numbers, genders, dates of birth and passwords stored as unsalted MD5 hashes.

Exposed data

Dates of birth Email addresses Genders Names Passwords Phone numbers

Recommended actions

  • Change your Glofox password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Glofox — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP