FlexBooker discloses data breaches where threat actors compromised 3.7 million user accounts are now being traded on hacker forums.
- Threat actors stole the FlexBooker scheduling service in an attack before the holidays.
- The stolen database contains millions of customer information.
FlexBooker discloses data breach where threat actors compromised 3.7 million user accounts and are now being traded on hacker forums.
FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars.
A group known as Uawrongteam carried out the attack and published links to archives and files containing IDs, driver’s licenses, photos.
The threat actors claim that the stolen database contains customer information, including names, emails, contact numbers, hashed passwords and password salt.
“In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. The data was found to be actively traded on a popular hacking forum. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure.” states HIBP.
According to the data breach notification service Have I Been Pwned, around 3,756,794 accounts were compromised in the attack.
FlexBooker urges users to review account statements and credit reports for suspicious transactions.
The company notified the local authorities and sent a data breach notification to the impacted customers. The message states that threat actors compromised the service’s Amazon cloud storage system.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?