Flexbooker online appointment service breach exposes data of 3.7 million users


A group of hackers is trading a database of stolen information from FlexBooker, a cloud-based tool for scheduling appointments, containing sensitive customer data. According to BleepingComputer, the company suffered a security breach before the holidays and notified its customers about the attack in an email, where it revealed that its Amazon AWS servers were compromised on December 23rd. It also admitted that its system data storage was accessed and downloaded.

Based on information from Have I Been Pwned, the breach compromised 3.7 million accounts containing email addresses, names, passwords, phone numbers and partial credit card numbers. BleepingComputer says a group called Uawrongteam took credit for the attack and shared links to archives with the stolen data, which the group claimed also include users’ drivers’ licenses, other IDs, password salt and hashed passwords. FlexBooker’s typical customers are people who need to be able to quickly schedule appointments with clients, such as doctors, lawyers, dentists, gyms, mechanics, salons, trainers, therapists, so and and so forth. 

In Flexbooker’s email to users, it said the infiltrators failed to get “any credit card or other payment card information.” We’re guessing the company didn’t take the stolen partial credit card numbers into account. Before Flexbooker, Uawrongteam previously claimed other data breaches and also traded databases with stolen information from its previous targets. They include data from Racing.com, a digital TV network that broadcasts horse racing, and from rediCASE Case Management Software solution for health services and other businesses. 

 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.