diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php
index 51645fb7..3c6dd6b5 100644
--- a/controller/credentialcontroller.php
+++ b/controller/credentialcontroller.php
@@ -142,7 +142,7 @@ class CredentialController extends ApiController {
 		);
 
 
-		if ($storedCredential->getUserId() !== $this->userId) {
+		if (!hash_equals($storedCredential->getUserId(), $this->userId)) {
 			$acl = $this->sharingService->getCredentialAclForUser($this->userId, $storedCredential->getGuid());
 			if ($acl->hasPermission(SharingACL::WRITE)) {
 				$credential['shared_key'] = $storedCredential->getSharedKey();
@@ -219,7 +219,7 @@ class CredentialController extends ApiController {
 					'', array(),
 					$link, $target_user, Activity::TYPE_ITEM_ACTION);
 			}
-			if ($this->userId !== $storedCredential->getUserId()) {
+			if (!hash_equals($this->userId, $storedCredential->getUserId())) {
 				$this->activityService->add(
 					$activity, $params,
 					'', array(),