ShellCodeX
Tools โ€ข Events โ€ข News โ€ข Insights
ShellCodeX Breach Report

PayAsUGym Data Breach

payasugym.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 400,260
Breach date 15 Dec 2016
Added to tracker 17 Dec 2016
Data classes 8

What happened

In December 2016, an attacker breached PayAsUGym's website exposing over 400k customers' personal data. The data was consequently leaked publicly and broadly distributed via Twitter. The leaked data contained personal information including email addresses and passwords hashed using MD5 without a salt.

Exposed data

Browser user agent details Email addresses IP addresses Names Partial credit card data Passwords Phone numbers Website activity

Recommended actions

  • Change your PayAsUGym password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing PayAsUGym โ€” attackers weaponise breach data quickly.
  • Monitor your bank and card statements closely and consider requesting a card replacement.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP