Violation of Flexbooker online scheduling service exposes data from 3.7 million users

A group of hackers is trading a database of stolen information from FlexBooker, a cloud-based appointment scheduling tool, containing sensitive customer data. According Bleepingcomputer, the company suffered a security breach before the holidays and notified its customers of the attack via email, where it revealed that its Amazon AWS servers were compromised on December 23rd. You also admitted that your system’s data store was accessed and downloaded.

Based on Have I Been Pwned information, the breach compromised 3.7 million accounts containing email addresses, names, passwords, phone numbers and partial credit card numbers. Bleepingcomputer says a group called Uawrongteam took credit for the attack and shared links to files with the stolen data, which the group claimed also included user’s driver’s licenses, other IDs, password salt and hashed passwords. Typical FlexBooker customers are people who need to be able to quickly schedule appointments with clients, such as doctors, lawyers, dentists, gyms, mechanics, salons, trainers, therapists, etc.

In Flexbooker’s email to users, he said that the attackers were unable to obtain “any credit card or other payment card information”. We’re assuming the company didn’t take the stolen partial credit card numbers into account. Prior to Flexbooker, Uawrongteam previously claimed other data breaches and also traded databases with information stolen from its previous targets. They include data from Racing.com, a digital TV network that broadcasts horse racing, and the rediCASE case management software solution for healthcare and other businesses.

All products recommended by Ploonge are selected by our editorial team, regardless of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we can earn an affiliate commission.

Leave a Reply

Your email address will not be published.