FlexBooker Discloses Data Breach, Over 3.7 Million Accounts Impacted (bleepingcomputer.com) 10
An anonymous reader quotes a report from BleepingComputer: Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums. The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group's rediCASE case management software, both from Australia. Among FlexBooker's customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.
Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver's licenses, and other IDs. According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver's license photos. The actor notes that some "juicy columns" in the database are names, emails, phone numbers, password salt, and hashed passwords. FlexBooker has sent a data breach notification to customers, confirming the attack and that the intruders "accessed and downloaded" data on the service's Amazon cloud storage system. "On December 23, 2021, starting at 4:05 PM EST our account on Amazon's AWS servers was compromised," reads the notification, adding that the intruders did not access "any credit card or other payment card information."
Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver's licenses, and other IDs. According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver's license photos. The actor notes that some "juicy columns" in the database are names, emails, phone numbers, password salt, and hashed passwords. FlexBooker has sent a data breach notification to customers, confirming the attack and that the intruders "accessed and downloaded" data on the service's Amazon cloud storage system. "On December 23, 2021, starting at 4:05 PM EST our account on Amazon's AWS servers was compromised," reads the notification, adding that the intruders did not access "any credit card or other payment card information."
Just curious (Score:2)
Were they using Log4J?
Re: (Score:2)
Privacy is dead. (Score:3)
2022, the year no one has privacy. From criminals to government, from business to social media.
I'm extremely confused (Score:4, Interesting)
Another day (Score:3)
Another private company having a data breach.
It's looking more and more that going back to pen and paper might be a more secure way to store data.
Don't do business on a computer (Score:1)
My flexbookie is strictly pen and paper
Another one bites the dust.... (Score:2)
Seriously, why do those responsible not get locked up? It is well understood how to prevent such things from happening. It just costs money.
Your information is in the cloud (Score:2)
And it's there,now, for all the world to see, unfortunately.
'Before the holidays' means WHAT? (Score:4, Interesting)
Before Christmas? Before Chanukah? Before Thanksgiving? Before Halloween? Before Diwali? Before Eid?
There may be a case for using the term 'the holidays' to avoid offence. However when its use causes confusion and a lack of clarity, at that point it careless and foolish.