Ready to
get started?

Please feel free to give us a call on 0203 784 4460 or fill out the form below and we’ll get straight back to you.

PayAsUGym: Not Fit Enough to Outpace Hackers

Sat 7 Jan 2017

Launched in 2010, PayAsUGym was launched to ensure that fitness fits around user’s lives and not the other way around. A subscription service, it offers discounts and savings for users using their local gym and can even help you to work-out from home. However, the company has recently revealed that it has become the victim of a cyber attack and has subsequently advised its customers to cancel their credit card details and change passwords. It is estimated that over 300,000 accounts are likely to have been compromised.

PayAsUGym – Slow to Respond

PayAsUGym has come under heavy fire for not responding to the breach immediately and has admitted that the breach lay undisclosed for a number of days. As part of the hack, digits from credit cards, names and home addresses were appropriated and these have already resurfaced on the Dark Web, for sale at around $100 each. Although it appears that the details stolen don’t include the three-digit security code found on the back of a credit card, experts believe that the details are enough for fraudsters to steal money, making the data highly valuable, in cybercriminal circles.

Details Published Online

In an email to the compromised clients, PayAsUGym has said that “although we do not hold any financial or credit card information, the unauthorised person could have accessed the email addresses and passwords of our customers. Passwords are encrypted when saved in the database, nevertheless I would encourage you to change the password.” However, reports have been coming in, suggesting that the details of a number of the company’s users have already been published online, apparently refuting PayAsUGym’s claims. In this instance, customers would be best advised to cancel any affiliated cards, immediately.

Gone in Six Seconds

Newcastle University has recently published findings that estimate it takes as little as six seconds for criminals to work out the missing information, citing it as “frighteningly easy”. If anything, the PayAsUGym hack highlights the fact that, on a daily basis, consumers are trusting businesses and corporations with sensitive data; data that needs to be protected – and that protection is the responsibility of the businesses entrusted with the data.

Comments are closed.