Nearly 100,000 users of Android anti-theft app Cerberus must reset their encrypted passwords after an attacker was able to gain unauthorized access to their credentials.

The attacker gained access to a legacy file that contained the usernames and encrypted passwords of 96,564 users, according to a notification posted Wednesday by The Cerberus Team, which explains that the passwords were encrypted with SHA-1 hash.

Passwords were reset and Cerberus deleted the log file and stopped the legacy logging procedure, according to the notification, which added that three accounts were accessed prior to Cerberus blocking the attacker and resetting the passwords.

No user data has been released publicly as of March 26, according to the notification, which adds that Cerberus is working with law enforcement in an ongoing investigation.