Fitness website PayAsUGym has confirmed one of its servers has been hacked.
The company, which sells passes for gyms around the UK, acknowledged that 300,000 email addresses and passwords of its members had been accessed on Thursday. The website said it did not hold financial or credit card details of its users on its servers. Customers have been advised to change their passwords and the company has also migrated to new servers.
PayAsUGym alerted its members to the security breach in an email on Friday which said “one of the company’s IT servers was accessed by an unauthorised person”. It went on to say: “Although we do not hold any financial or credit card information, the unauthorised person could have accessed the e-mail address and password of our customers. Passwords are encrypted when saved in the database, nevertheless I would encourage you to change your password.”
Several customers’ email addresses and passwords appear to have been published online. PayAsUGym said once it was alerted, it “closed down” the breach and contacted the police. It has also started using new servers after speaking with cyber security professionals. The website uses a “tokenised system” for customer payments which, it says, means card details are stored at the payment gateway – not on its servers. “This is the highest level of security process for dealing with payments,” it said.
PayAsUGym added: “We take the security of customer information very seriously. Unfortunately cyber attacks are becoming more frequent which is why, as a policy, we do not (and will never) hold financial or credit card details and we insist that all passwords are encrypted when stored.”
- To create a strong password, simply choose three random words. Numbers, symbols and combinations of upper and lower case can be used if you feel you need to create a stronger password, or the account you are creating a password for requires more than just letters.
- The routine changing of passwords is not recommended, unless the accounts to which they apply have been hacked, in which case they should be changed immediately. This also applies if another account or website for which you use the same login details has been hacked.
- Use a different password for every website. If you have only one password, a criminal simply has to break it to gain access to everything.
- Don’t recycle passwords (for example password2, password3).
You can check the strength of a password by using the How Secure is My Password website: https://howsecureismypassword.net/
Complete the new 2016 Cyber Crime survey, so we can see the full scope of Cyber Crime in Warwickshire, and across West Mercia and the West Midlands – https://www.surveymonkey.co.uk/r/RegionalCyber16
For more information about our work, please visit www.safeinwarwickshire.com/cybercrime
Cyber Aware is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).
Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.