Over 3.7 million accounts were compromised in the FlexBooker data breach

The appointment scheduling service FlexBooker discloses a data breach that impacted over 3.7 million accounts.

Threat actors compromised the FlexBooker accounts of more than 3.7 million users, the attack took place before the holidays. Stolen data are now available for sale on multiple cybercrime forums.

FlexBooker is an online appointment scheduling platform that allows users to schedule appointments and sync employee calendars.

The attack was carried out by a group calling themselves Uawrongteam, who published links to archives and files containing IDs, driver’s licenses, photos. The threat actors claim the stolen database contains customer information, including names, emails, phone numbers, hashed passwords, and password salt.

The company already notified local authorities and sent a data breach notification to the impacted customers. According to the notification, threat actors compromised the service’s Amazon cloud storage system.

FlexBooker recommends users stay vigilant and review account statements and credit reports for suspicious transactions

The data breach notification service Have I Been Pwned reports that 3,756,794 accounts were compromised in the attack.

“In December 2021, the online booking service FlexBooker suffered a data breach that exposed 3.7 million accounts. The data included email addresses, names, phone numbers and for a small number of accounts, password hashes and partial credit card data. The data was found being actively traded on a popular hacking forum. FlexBooker has identified the breach as originating from a compromised account within their AWS infrastructure.” states HIBP.

The Uawrongteam is also offering data allegedly stolen from the Racing.com digital television and the rediCASE Case Management Software developed by the Redbourne Group.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IKEA)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.