Hackers have stolen a database holding sensitive customer data from 3.7 million users of the online scheduling and appointment platform FlexBooker.
3.7 million accounts were hacked, exposing email addresses, names, passwords, phone numbers, and partial credit card numbers.
Flexbooker revealed that in December, the scheduling platform’s Amazon Web Services (AWS) servers were hacked.
However, the hackers were unable to obtain “any credit card or other payment card information” according to the Flexbooker.
Bleepingcomputer reported that FlexBooker sent a data breach notification to customers, confirming the attack and that the intruders “accessed and downloaded” data from the service’s Amazon cloud storage system.
FlexBooker apologised for the data breach and also acknowledged that system data storage was accessed and downloaded.
FlexBooker said in a statement “We sent a notification to all affected parties and have worked with Amazon Web Services, our hosting provider, to ensure that our accounts are re-secured. We deeply apologise for the inconvenience caused by this issue,”
Owners of businesses who need to schedule appointments, such as accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and more, are among FlexBooker’s customers.
The report said “Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs,”