Amazon steps in to close exposed FlexBooker bucket after December data breach

Digital scheduling platform FlexBooker has been accused of exposing the sensitive data of millions of customers, according to security researchers at vpnMentor.

The researchers said the Ohio-based tech company was using an AWS S3 bucket to store data but did not implement any security measures, leaving the contents totally exposed and easily accessible to anyone with a web browser.

The 19 million exposed files included full names, email addresses, phone numbers and appointment details. 

FlexBooker did not respond to requests for comment from ZDNet but vpnMentor said they contacted the company and Amazon about the issue.

“We did contact them in January, to which they sent what seemed to be an automatic reply about the leak that affected them in December. We tried to explain it was a new breach, but didn’t hear back,” a vpnMentor spokesperson said. “Which is why we decided to contact AWS directly (as Flexbooker wrote on their site they were working together with Amazon), and soon after the bucket was secured (Amazon probably informed Flexbooker, as Amazon isn’t supposed to do it themselves).”

In January, FlexBooker apologized for a data breach that involved the sensitive information of 3.7 million users. At the time, the company told ZDNet a portion of its customer database

Read More: https://www.zdnet.com/article/amazon-steps-in-to-close-exposed-flexbooker-bucket-after-december-data-breach/#ftag=RSSbaffb68