FlexBooker, provides a cloud-based online scheduling and booking service, has exposed the personal details of more than 3.7 million users. The incident took place in December 2021 after a threat actor compromised one of the company’s AWS accounts.
The threat actor used the account to collect 9.5 million records from the company’s AWS infrastructure, data that was eventually leaked online on a forum dedicated to trading hacked data.
A service that indexes hacked data, said that he received a copy of the stolen files, which turned out to contain information on more than 3.7 million unique users that contains real names, email addresses, phone numbers, and for a small number of accounts, password hashes and partial credit card information.
These users are most likely unaware that their data was leaked online. Affected users are persons who made online reservations on the websites of doctors, accountants, barbers, mechanics, and others, all of whom used FlexBooker’s services to manage online bookings.
Have I Been Pwned service is currently sending emails with a notification about the exposure to all those who had an email address included in the leak.
This is the second major breach that Hunt has added to his Have I Been Pwned service this week after indexing 7.5 million user records that leaked from music mixtape service DatPiff. The DatPiff data also leaked last month, on the same forum as the FlexBooker breach.