09:24 22 December 2016
PayAsUGym, which sells passes for gyms around the United Kingdom, has confirmed that 300,000 email addresses and passwords of its members had been accessed on Thursday. However, it clarified that the server that has been hacked did not hold financial or credit card details.
Following security breach, the company has already migrated to new servers and has advised its customers to change their passwords.
In an email sent to its members on Friday, the company said: "one of the company's IT servers was accessed by an unauthorised person".
"Although we do not hold any financial or credit card information, the unauthorised person could have accessed the e-mail address and password of our customers.
"Passwords are encrypted when saved in the database, nevertheless I would encourage you to change your password."
However, several customers’ email addresses and passwords have been published online.
PayAsUGym added: "We take the security of customer information very seriously. Unfortunately cyber attacks are becoming more frequent which is why, as a policy, we do not (and will never) hold financial or credit card details and we insist that all passwords are encrypted when stored."