GB PayAsUGym Dec 2016 Hacking (Q10282)
From Open Risk Data
A data breach risk event
Language | Label | Description | Also known as |
---|---|---|---|
English |
GB PayAsUGym Dec 2016 Hacking
|
A data breach risk event
|
Statements
F3282B8C-0D85-4616-9AA8-93B13B6473E0
December 2016
0 references
Fitness website PayAsUGym has been breached in a hack that may have exposed up to 400K emails and passwords. In a breach notice to users, the firm admitted one of its servers was hacked after underground researchers posted screenshots purporting to show PayAsUGyms hacked database via Twitter. The 1x0123 hacker crew later claimed that they planned to sell off the compromised database through underground markets. PayAsUGym apparently used the obsolete MD5 hashing technology, making it straightforward to work out the corresponding passwords using a brute force attack and dictionary lookups. Troy Hunt, the security researcher behind the haveibeenpwned breach notification website, warned over the weekend that PayAsUGym data appears to be circulating with more than 400k unique emails in there f (English)