ShellCodeX Breach Report
PayAsUGym Data Breach
payasugym.com
Verified breach
Passwords exposed
Accounts exposed
400,260
Breach date
15 Dec 2016
Added to tracker
17 Dec 2016
Data classes
8
What happened
In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.
Exposed data
Browser user agent details
Email addresses
IP addresses
Names
Partial credit card data
Passwords
Phone numbers
Website activity
Recommended actions
- Change your PayAsUGym password immediately, and update it anywhere you reused the same password.
- Enable two-factor authentication on the affected account and on your critical services (email, banking).
- Watch for targeted phishing emails referencing PayAsUGym โ attackers weaponise breach data quickly.
- Monitor your bank and card statements closely and consider requesting a card replacement.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP