Accounts of more than three million users of the U.S.-based FlexBooker appointment scheduling service have been stolen in an attack before the holidays and are now being traded on hacker forums.
The same intruders are offering databases claiming to be from two other entities: racing media organization Racing.com and Redbourne Group’s rediCASE case management software, both from Australia.
Pre-holiday breaches
All three breaches allegedly occurred a few days before Christmas and the intruder published the data on a hacker forum.
The latest data dump appears to be from FlexBooker, a popular tool for scheduling appointments and synchronizing employee calendar.
Among FlexBooker’s customers are owners of any business that needs to schedule appointments, which is everything from accountants, barbers, doctors, mechanics, lawyers, dentists, gyms, salons, therapists, trainers, spas, and the list goes on.
Claiming the attack seems to be a group calling themselves Uawrongteam, who shared links to archives and files with sensitive information, such as photos, driver’s licenses, and other IDs.
According to Uawrongteam, the database contains a table with 10 million lines of customer information that ranges from payment forms and charges to driver’s license photos.
The actor notes that some “juicy columns” in the database are names, emails, phone numbers, password salt, and hashed passwords.
FlexBooker has sent a data breach notification to customers, confirming the attack and that the intruders “accessed and downloaded” data on the service’s Amazon cloud storage system.
“On December 23, 2021, starting at 4:05 PM EST our account on Amazon’s AWS servers was compromised,” reads the notification, adding that the intruders did not access “any credit card or other payment card information.”
However, FlexBooker recommended users to stay vigilant and review account statements and credit reports for suspicious or fraudulent activity.
The developer also pointed users to a report on a distributed denial-of-service (DDoS) attack for more details. It was later discovered that the hackers had stolen personal information of some customers.
According to the Have I Been Pwned data breach notification service, the FlexBooker attack compromised data of more than 3.7 million accounts (3,756,794) consisting of email addresses, names, partial credit card data, passwords, and phone numbers.
Before FlexBooker, the Uawrongteam threat actor shared links to archived information allegedly stolen from Racing.com, a digital television that broadcasts horse racing and provides related news, statistics, and event calendars.
Another target of the same group appears to be the data from the rediCASE Case Management Software from the Redbourne Group, which is used for health and community services, as well as by various businesses.