More than three million accounts of FlexBooker, a U.S.-based appointment scheduling service, were hijacked in an attack before the holidays and are now being sold on hacker forums. The same attackers are also selling datasets purporting to be from two other Australian companies: Racing.com and Redbourne Group’s rediCASE case management software.
The data from all three thefts was purportedly shared on a hacker site a few days before Christmas. FlexBooker, a popular application for arranging appointments and synchronizing employee calendars, appears to be the most recent data dump source. Among FlexBooker’s clients are owners of any business that needs to plan appointments, such as accountants, barbers, physicians, mechanics, attorneys, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.
A group calling itself Uawrongteam appears to have claimed responsibility for the attack, sharing links to archives and files containing sensitive information such as pictures, driver’s licenses, and other IDs. The database, according to Uawrongteam, has a table containing 10 million lines of client data, which includes anything from payment forms and charges to driver’s license photographs.
According to the actor, names, emails, phone numbers, password salt, and hashed passwords are among the database’s “juicy columns.” FlexBooker has notified clients of a data breach, confirming the intrusion and stating that the attackers “accessed and downloaded” data from the service’s Amazon cloud storage system.
“On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised,” reads the notice, adding that the intruders did not access “any credit card or other payment card information.”
On the other hand, FlexBooker advised consumers to remain careful and check their account statements and credit reports for any unusual or fraudulent activity. For further information, the developer directed users to a report on a distributed denial-of-service (DDoS) attack. It was then determined that the hackers had acquired specific consumers’ personal information.
As per the Have I Been Pwned data breach reporting service, the FlexBooker data breach affected more than 3.7 million accounts (3,756,794), including email addresses, names, partial credit card info, passwords, and phone numbers. Before FlexBooker, the Uawrongteam threat actor distributed links to allegedly stolen material from Racing.com, a digital television station that broadcasts horse races and offers associated news, statistics, and event calendars. The data from the Redbourne Gang’s rediCASE Case Management Software, which is employed for health and community services, looks to be another target of the same group.