PayAsUGym, a famous fitness website in the UK, has acknowledged that 300,000 email addresses and passwords of its members were accessed on Thursday. The good news is that it did not hold any credit card details of its users on the server that was hacked.
On Friday, PayAsUGym alerted its users to the data breach in an email which said, “one of the company’s IT servers was accessed by an unauthorised person”.
“Although we do not hold any financial or credit card information, the unauthorised person could have accessed the e-mail address and password of our customers,” the email continued.
“Passwords are encrypted when saved in the database, nevertheless I would encourage you to change your password.”
What to do now?
Users were advised to change their passwords and the company has also moved to a new server with the help of cyber security professionals. The website uses a “tokenised system” for customer payments which, it says, means card details are stored at the payment gateway – not on its servers.
“We take the security of customer information very seriously. Unfortunately cyber attacks are becoming more frequent which is why, as a policy, we do not (and will never) hold financial or credit card details and we insist that all passwords are encrypted when stored.”