Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
A threat group that identifies itself as Uawrongteam is dumping data stolen from FlexBooker – a popular online appointment scheduling tool for booking services ranging from counseling to haircuts – on a cybercriminal forum.
The data from FlexBooker is being offered up by Uawrongteam, along with other databases stolen on the same day, Dec. 23, from Racing.com and Redbourne Group’s rediCASE case management software, BleepingComputer reported.
FlexBooker sent a notification to its users, explaining that its Amazon AWS servers were compromised by what the company was able to identify as a distributed denial-of-service (DDoS) attack. FlexBooker customers include the brands GoDaddy, Chipotle, Bausch + Lomb and Krewe.
— Mooniter (@mooniter) January 6, 2022
“After working further with Amazon to understand what happened, we learned a certain set of data, including personal information of some customers, was accessed and downloaded,” the company said.
More than 3.7M FlexBook Records Up For Grabs
According to Have I Been Pwned, the FlexBooker breach compromised 3.7 million accounts with information including email