A bunch of hackers is buying and selling a database of stolen data from FlexBooker, a cloud-based instrument for scheduling appointments, containing delicate buyer knowledge. According to BleepingComputer, the corporate suffered a safety breach earlier than the vacations and notified its prospects in regards to the assault in an e mail, the place it revealed that its Amazon AWS servers had been compromised on December twenty third. It additionally admitted that its system knowledge storage was accessed and downloaded.
Based on data from Have I Been Pwned, the breach compromised 3.7 million accounts containing e mail addresses, names, passwords, telephone numbers and partial bank card numbers. BleepingComputer says a bunch known as Uawrongteam took credit score for the assault and shared hyperlinks to archives with the stolen knowledge, which the group claimed additionally embrace customers’ drivers’ licenses, different IDs, password salt and hashed passwords. FlexBooker’s typical prospects are individuals who want to have the ability to rapidly schedule appointments with shoppers, comparable to medical doctors, attorneys, dentists, gyms, mechanics, salons, trainers, therapists, so and and so forth.
In Flexbooker’s e mail to customers, it mentioned the infiltrators did not get “any bank card or different cost card data.” We’re guessing the corporate did not take the stolen partial bank card numbers into consideration. Before Flexbooker, Uawrongteam beforehand claimed different knowledge breaches and likewise traded databases with stolen data from its earlier targets. They embrace knowledge from Racing.com, a digital TV community that broadcasts horse racing, and from rediCASE Case Management Software resolution for well being providers and different companies.
New breach: Online reserving service FlexBooker had 3.7M accounts breached final month. Data included e mail addresses, names, telephone numbers and for some accounts, partial bank card knowledge. 69% had been already in @haveibeenpwned https://t.co/LGaAnj1hUA
— Have I Been Pwned (@haveibeenpwned) January 6, 2022