A group of hackers trade a database of stolen information on FlexBooker, a cloud-based appointment scheduling tool, containing sensitive customer data. According to BipComputer, the company suffered a security breach before the holidays and informed its customers of the attack in an email, where it revealed that its Amazon AWS servers had been compromised on December 23. He also admitted that his data storage system had been accessed and downloaded.
According to information from Have I Been Pwned, the breach compromised 3.7 million accounts containing partial email addresses, names, passwords, phone numbers and credit card numbers. BipComputer said a group called Uawrongteam took credit for the attack and shared links to an archive with the stolen data, which the group said also includes users’ driving licenses, other credentials , password salt and hashed passwords. Typical customers of FlexBooker are people who need the ability to quickly schedule appointments with clients, such as doctors, lawyers, dentists, gyms, mechanics, salons, trainers, therapists, etc. .
In Flexbooker’s email to users, he said the infiltrators had failed to obtain “any credit card or other charge card information.” We assume that the company did not account for the stolen partial credit card numbers. Prior to Flexbooker, Uawrongteam previously claimed other data breaches and also swapped databases with information stolen from its previous targets. They include data from Racing.com, a digital television network that broadcasts horse races, and the rediCASE case management software solution for healthcare and other businesses.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through any of these links, we may earn an affiliate commission.